Log analysis and evaluation: Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.02.2013, 00:57 | #1 |
Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker

Hello,

I am using Win XP and ran Malwarebytes, which reported the following infections:
- Trojan.FakeAlert
- Malware.Trace
- Hijacker

However, the computer is not behaving noticeably differently. Please help.

Malwarebytes log file:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.20.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Lutoxxxx :: NIVALULI [Administrator]

20.02.2013 22:16:41
MBAM-log-2013-02-20 (22-26-31).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268814
Laufzeit: 8 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{E24211B3-A78A-C6A9-D317-70979ACE5058} (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCR\XML.XML.1 (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCR\XML.XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Monopod (Trojan.FakeAlert) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\NordBull (Malware.Trace) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_XMLLookup (Hijacker.XMLLookup) -> Daten: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_Application (Hijacker.Application) -> Daten: hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|bak_intl (Hijacker.intl) -> Daten: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|XMLLookup (Hijacker.XMLLookup) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|Application (Hijacker.Application) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations|intl (Hijacker.intl) -> Bösartig: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Gut: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation) O15 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE25EA7C-502D-499D-BC6A-7073B00B43A9}: DhcpNameServer = 192.168.178.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole 
DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.02.22 00:07:16 | 000,602,112 | ---- | C] (OldTimer 
Tools) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\OTL.exe [2013.02.20 21:15:28 | 004,232,976 | ---- | C] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\fseasyclean.exe [2013.02.19 21:11:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird [2013.02.17 13:31:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Erbfälle [2013.02.17 13:31:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\AAV [2013.02.17 12:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\AAV [2013.02.17 12:48:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\InfoBibliothek 2 [2013.02.17 12:47:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ErbschaftsPlaner [2013.02.17 12:45:03 | 000,000,000 | ---D | C] -- C:\Programme\Akademische Arbeitsgemeinschaft [2013.02.17 12:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2013.02.17 10:46:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Malwarebytes [2013.02.17 10:46:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware [2013.02.17 10:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2013.02.17 10:46:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.02.17 10:46:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.02.16 19:49:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan [2013.02.16 19:49:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus [2013.02.16 19:49:35 | 000,000,000 | ---D | C] -- 
C:\Programme\McAfee Security Scan [2012.08.15 17:24:15 | 000,656,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjbres.dll [2012.08.15 17:24:15 | 000,361,984 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll [2012.08.15 17:24:15 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\dunzip32.dll [2012.08.15 17:24:15 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll [2012.08.15 17:24:15 | 000,034,304 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll [2012.08.15 17:24:15 | 000,016,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll [2012.08.15 17:24:14 | 001,115,376 | ---- | C] (Gracenote) -- C:\Programme\cddbmusicid.dll [2012.08.15 17:24:14 | 000,943,344 | ---- | C] (Gracenote) -- C:\Programme\cddblink.dll [2012.08.15 17:24:14 | 000,009,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe [2012.08.15 17:24:13 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Programme\cddbcontrol.dll [2012.08.15 17:24:13 | 000,074,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll [2012.08.15 17:24:13 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll [2012.08.15 17:24:13 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll [2012.08.15 17:24:13 | 000,023,552 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll [2012.08.15 17:24:12 | 000,067,584 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll [2012.08.15 17:24:12 | 000,045,760 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll [2012.08.15 17:24:10 | 000,375,448 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realconverter.exe [2012.08.15 17:24:10 | 000,349,336 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\convert.exe [2012.08.15 17:24:05 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Programme\mc_enc_mp4v.dll [2012.08.15 17:24:05 | 000,381,080 | ---- | C] (RealNetworks, Inc.) 
-- C:\Programme\realtrimmer.exe [2012.08.15 17:24:05 | 000,129,680 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realshare.exe [2012.08.15 17:24:02 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll [2012.08.15 17:24:02 | 000,072,192 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll [2012.08.15 17:24:01 | 000,046,592 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll [2012.08.15 17:23:53 | 000,116,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll [2012.08.15 17:23:53 | 000,088,064 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\hxaudiodevicehook.dll [2012.08.15 17:23:53 | 000,029,856 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rndevicedbbuilder.exe [2012.08.15 17:23:52 | 000,086,528 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll [2012.08.15 17:23:52 | 000,064,696 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll [2012.08.15 17:23:51 | 000,018,104 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe [2012.08.15 17:23:50 | 000,499,352 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe [2012.08.15 17:23:50 | 000,010,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realjbox.exe [2012.08.15 17:23:49 | 000,439,504 | ---- | C] (RealNetworks, Inc.) 
-- C:\Programme\recordingmanager.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.22 00:16:04 | 000,000,232 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2013.02.22 00:13:26 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job [2013.02.22 00:07:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\OTL.exe [2013.02.21 23:44:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.02.21 23:28:02 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.02.21 19:49:01 | 000,000,422 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateXML_Lutoxxxx.job [2013.02.21 16:41:00 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job [2013.02.21 15:28:00 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.02.21 11:41:02 | 000,000,426 | ---- | M] () -- C:\WINDOWS\tasks\ReclaimerUpdateFiles_Lutoxxxx.job [2013.02.21 08:29:02 | 000,000,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\spider.sav [2013.02.21 07:24:58 | 000,200,610 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml [2013.02.21 07:24:58 | 000,060,812 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001 [2013.02.21 07:24:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-229967651-452918711-2505415267-1005.job [2013.02.21 07:24:28 | 000,000,432 | ---- | M] () -- C:\WINDOWS\tasks\RNUpgradeHelperLogonPrompt_Lutoxxxx.job [2013.02.21 07:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.02.21 07:23:16 | 3215,863,808 | -HS- | M] () -- C:\hiberfil.sys [2013.02.20 21:15:29 | 004,232,976 | ---- | M] (F-Secure Corporation) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\fseasyclean.exe [2013.02.20 20:53:07 | 
000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2013.02.20 18:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-229967651-452918711-2505415267-1005.job [2013.02.17 15:21:28 | 000,001,802 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI [2013.02.17 12:49:04 | 000,001,973 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rechtstipps - Der ErbschaftsBerater.LNK [2013.02.17 12:47:40 | 000,001,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ErbschaftsPlaner.lnk [2013.02.17 12:35:36 | 000,000,978 | ---- | M] () -- C:\WINDOWS\wiso.ini [2013.02.17 11:22:36 | 000,374,784 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\GMER_2.1.18952.exe [2013.02.17 10:46:15 | 000,000,758 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.16 19:49:35 | 000,001,773 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.02.16 19:49:35 | 000,001,767 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.02.16 19:49:32 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.02.16 19:49:32 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.02.14 03:28:37 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.02.14 03:07:53 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2013.02.14 03:02:54 | 000,496,922 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.02.14 03:02:54 | 000,453,384 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.02.14 03:02:54 | 000,100,206 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.02.14 03:02:54 | 000,076,706 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.02.11 17:59:06 | 000,000,459 | ---- | M] () -- C:\WINDOWS\ProfitMaker8.ini [2013.02.10 
17:11:31 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAPMXQ0.job [2013.02.02 14:27:01 | 032,875,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Recovery.bkf [2013.01.29 20:20:31 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk [2013.01.29 20:19:34 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Arbeitsplatz.lnk [2013.01.26 04:55:37 | 000,552,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\oleaut32.dll [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.17 12:49:04 | 000,001,973 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rechtstipps - Der ErbschaftsBerater.LNK [2013.02.17 12:47:40 | 000,001,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ErbschaftsPlaner.lnk [2013.02.17 11:22:36 | 000,374,784 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\GMER_2.1.18952.exe [2013.02.17 10:46:15 | 000,000,758 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.16 19:49:35 | 000,001,773 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.02.16 19:49:35 | 000,001,767 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.02.02 14:25:58 | 032,875,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Recovery.bkf [2013.01.29 20:19:34 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Arbeitsplatz.lnk [2013.01.10 03:26:56 | 000,627,080 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.08.15 17:24:14 | 000,002,851 | ---- | 
C] () -- C:\Programme\cdroms.cfg [2012.08.15 17:24:12 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi [2012.08.15 17:24:12 | 000,067,473 | ---- | C] () -- C:\Programme\realplay.chm [2012.08.15 17:24:12 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm [2012.08.15 17:24:12 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp [2012.08.15 17:24:12 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon [2012.08.15 17:24:10 | 000,818,622 | ---- | C] () -- C:\Programme\converter.vs [2012.08.15 17:24:05 | 000,045,443 | ---- | C] () -- C:\Programme\sharemedia.vs [2012.08.15 17:24:04 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf [2012.08.15 17:24:01 | 000,033,157 | ---- | C] () -- C:\Programme\RealNetworks License.html [2012.08.15 17:24:01 | 000,033,157 | ---- | C] () -- C:\Programme\playrlic.html [2012.08.15 17:23:58 | 000,055,043 | ---- | C] () -- C:\Programme\presets.rnx [2012.08.15 17:23:58 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat [2012.08.15 17:23:57 | 000,995,243 | ---- | C] () -- C:\Programme\normal.vs [2012.08.15 17:23:57 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs [2012.08.15 17:23:51 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat [2012.08.15 17:23:51 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat [2012.08.15 17:23:51 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat [2012.08.15 17:23:50 | 000,427,405 | ---- | C] () -- C:\Programme\calibrate.rv [2012.08.15 17:23:50 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm [2012.08.15 17:23:50 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx [2012.08.15 17:23:50 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx [2012.02.16 06:59:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.02 16:24:39 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2011.06.16 14:21:10 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale 
Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.04.08 16:58:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.28 15:01:02 | 000,000,007 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS [2009.12.29 16:02:43 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ColorSync [2009.12.29 16:02:43 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Classical [2009.12.29 16:02:43 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT [2009.12.29 16:02:43 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common [2009.08.02 17:01:52 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.01 09:30:33 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.04.25 16:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.12.27 11:24:13 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 
000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2009.07.24 03:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Windows Desktop Search [2013.02.17 12:51:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV [2012.12.13 22:33:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Buhl Data Service GmbH [2009.10.02 14:53:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ [2011.02.27 20:10:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Electronic Arts [2009.12.29 16:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EnterNHelp [2011.11.02 16:24:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\f-secure [2011.11.02 16:22:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\fssg [2011.06.02 14:25:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GARMIN [2010.09.28 21:01:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Jlcm [2009.08.05 09:37:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Juniper Networks [2009.08.02 17:19:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor [2009.12.29 16:03:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nikon [2010.10.31 20:53:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PCSettings [2009.09.03 21:10:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Phase6 [2010.09.28 21:10:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PPLive [2013.02.06 
08:06:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ProfitMaker [2010.04.07 17:19:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\RapidSolution [2011.03.28 15:02:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SHI [2009.08.30 23:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sony [2009.07.24 03:22:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SupportSoft [2009.12.29 16:02:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ultima_T15 [2011.01.07 15:04:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2009.07.24 03:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\Windows Desktop Search [2013.02.17 12:48:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\AAV [2009.08.05 19:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Amazon [2009.08.10 19:35:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Buhl Data Service [2011.11.08 18:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Cornelsen [2009.08.15 20:43:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\DataDesign [2012.08.02 15:29:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\EssentialPIM [2009.08.01 14:54:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\EssentialPIM Pro [2012.12.28 00:00:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\F-Secure [2010.11.23 20:56:47 | 000,000,000 | ---D | M] -- C:\Dokumente und 
Einstellungen\Lutoxxxx\Anwendungsdaten\FinalMediaPlayer [2010.02.09 17:33:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\FRITZ! [2011.06.02 14:25:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\GARMIN [2009.08.05 09:46:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Juniper Networks [2012.05.08 20:28:39 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Klett [2010.09.20 18:57:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Nikon [2012.06.07 10:59:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Oracle [2011.01.02 15:21:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Phase6 [2010.09.28 21:03:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\PPLive [2009.08.30 23:01:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Sony [2010.07.21 11:57:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Thunderbird [2010.11.19 16:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Tific [2009.11.11 18:19:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\tmp [2009.07.24 03:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Windows Desktop Search [2009.08.01 09:31:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Windows Search [2010.11.15 18:55:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\EssentialPIM [2011.01.18 18:49:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Klett [2010.01.03 11:44:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Nikon 
[2011.01.02 19:57:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Phase6 [2010.07.21 17:18:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Thunderbird [2009.07.24 03:16:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Windows Desktop Search [2009.12.13 20:19:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Windows Search ========== Purity Check ========== < End of report > Best regards, nlut |
22.02.2013, 11:32 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello and
Quote:
Is this by any chance an office/company PC? Or a university computer? Before we continue, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please post in this thread => Reminder about my thread. Annoying "when will this continue" messages will result in your topic being closed. I, too, have a life outside the Trojaner-Board. Now please create and post logs with GMER (<<< click for instructions) and MBAR (instructions a little further down). GMER crashes fairly often; if the tool still will not run on the second attempt, just skip it and run only MBAR. MBAR instructions: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ |
22.02.2013, 23:54 | #3 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello Cosinus,
my computer is a private computer; it was apparently supplied by Dell with this operating system. The GMER file is too long; should I attach it as an archive? MBAR, 1st attempt Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 www.malwarebytes.org Database version: v2013.02.22.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Lutochin :: NIVALULI [administrator] 22.02.2013 23:04:39 mbar-log-2013-02-22 (23-04-39).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 29281 Time elapsed: 23 minute(s), 37 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 9 HKLM\SOFTWARE\CLASSES\CLSID\{500BCA15-57A7-4eaf-8143-8C619470B13D} (Trojan.FakeAlert) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TYPELIB\{E24211B3-A78A-C6A9-D317-70979ACE5058} (Trojan.FakeAlert) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\XML.XML.1 (Trojan.FakeAlert) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\XML.XML (Trojan.FakeAlert) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{500BCA15-57A7-4EAF-8143-8C619470B13D} (Trojan.FakeAlert) -> Delete on reboot. HKCU\SOFTWARE\Monopod (Trojan.FakeAlert) -> Delete on reboot. HKCU\SOFTWARE\NordBull (Malware.Trace) -> Delete on reboot. HKCU\SOFTWARE\XML (Trojan.FakeAlert) -> Delete on reboot. Registry Values Detected: 3 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_XMLLookup (Hijacker.XMLLookup) -> Data: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_Application (Hijacker.Application) -> Data: hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s -> Delete on reboot. 
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|bak_intl (Hijacker.intl) -> Data: hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s -> Delete on reboot. Registry Data Items Detected: 3 HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|XMLLookup (Hijacker.XMLLookup) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|Application (Hijacker.Application) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s) -> Delete on reboot. HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ASSOCIATIONS|intl (Hijacker.intl) -> Bad: (hxxp://www.helpmeopen.com/?n=app&l=%04x&ext=%s) Good: (hxxp://shell.windows.com/fileassoc/fileassoc.asp?LangID=%04x&Ext=%s) -> Delete on reboot. Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1020
www.malwarebytes.org

Database version: v2013.02.22.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Lutochin :: NIVALULI [administrator]

22.02.2013 23:35:25
mbar-log-2013-02-22 (23-35-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29151
Time elapsed: 21 minute(s), 17 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Best regards, Nlut |
23.02.2013, 00:53 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Quote:
__________________ Please always post logfiles in CODE tags |
23.02.2013, 18:21 | #5 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello Cosinus, gladly... Best regards, nlut |
24.02.2013, 21:47 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker aswMBR Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. TDSS-Killer Please download TDSSKiller.exe and save this file to the desktop.
__________________ --> Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker |
24.02.2013, 23:22 | #7 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello, aswMBR Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-24 22:39:38
-----------------------------
22:39:38.765 OS Version: Windows 5.1.2600 Service Pack 3
22:39:38.765 Number of processors: 2 586 0x170A
22:39:38.765 ComputerName: NIVALULI UserName: Lutoxxxx
22:39:41.343 Initialize success
22:42:44.421 AVAST engine defs: 13022400
22:42:57.890 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
22:42:57.890 Disk 0 Vendor: ST932042 DE17 Size: 305245MB BusType: 3
22:42:57.906 Disk 0 MBR read successfully
22:42:57.906 Disk 0 MBR scan
22:42:58.078 Disk 0 Windows VISTA default MBR code
22:42:58.078 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
22:42:58.234 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 305204 MB offset 81920
22:42:58.265 Disk 0 scanning sectors +625140400
22:42:58.343 Disk 0 scanning C:\WINDOWS\system32\drivers
22:43:34.234 Service scanning
22:44:10.562 Modules scanning
22:44:17.718 Disk 0 trace - called modules:
22:44:17.750 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
22:44:17.765 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8affaab8]
22:44:17.765 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8aff7028]
22:44:32.187 AVAST engine scan C:\WINDOWS
22:44:53.390 AVAST engine scan C:\WINDOWS\system32
22:50:01.906 AVAST engine scan C:\WINDOWS\system32\drivers
22:50:25.734 AVAST engine scan C:\Dokumente und Einstellungen\Lutoxxxx
23:03:12.578 AVAST engine scan C:\Dokumente und Einstellungen\All Users
23:05:19.578 Scan finished successfully
23:06:50.625 Disk 0 MBR has been saved successfully to "C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\MBR.dat"
23:06:50.625 The log file has been saved successfully to "C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\aswMBR.txt"
Code:
23:13:37.0734 51652 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:13:38.0515 51652 ============================================================
23:13:38.0515 51652 Current date / time: 2013/02/24 23:13:38.0515
23:13:38.0515 51652 SystemInfo:
23:13:38.0515 51652
23:13:38.0515 51652 OS Version: 5.1.2600 ServicePack: 3.0
23:13:38.0515 51652 Product type: Workstation
23:13:38.0515 51652 ComputerName: NIVALULI
23:13:38.0515 51652 UserName: Lutoxxx
23:13:38.0515 51652 Windows directory: C:\WINDOWS
23:13:38.0515 51652 System windows directory: C:\WINDOWS
23:13:38.0515 51652 Processor architecture: Intel x86
23:13:38.0515 51652 Number of processors: 2
23:13:38.0515 51652 Page size: 0x1000
23:13:38.0515 51652 Boot type: Normal boot
23:13:38.0515 51652 ============================================================
23:13:39.0250 51652 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:13:39.0250 51652 ============================================================
23:13:39.0250 51652 \Device\Harddisk0\DR0:
23:13:39.0250 51652 MBR partitions:
23:13:39.0250 51652 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x2541A2B0
23:13:39.0250 51652 ============================================================
23:13:39.0312 51652 C: <-> \Device\Harddisk0\DR0\Partition1
23:13:39.0312 51652 ============================================================
23:13:39.0312 51652 Initialize success
23:13:39.0312 51652 ============================================================
23:13:44.0906 57420 ============================================================
23:13:44.0906 57420 Scan started
23:13:44.0906 57420 Mode: Manual;
23:13:44.0906 57420 ============================================================
23:13:45.0687 57420 ================ Scan system memory ========================
23:13:47.0031 57420 System memory - ok
23:13:47.0031 57420 ================ Scan services ============================= 23:13:47.0140 57420 [ 7EEB488346FBFA3731276C3EE8A8FD9E ] AAV UpdateService C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe 23:13:47.0140 57420 AAV UpdateService - ok 23:13:47.0296 57420 Abiosdsk - ok 23:13:47.0343 57420 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS 23:13:47.0343 57420 abp480n5 - ok 23:13:47.0390 57420 [ 0A1E97197609F92D2425B67DA0BB0A7F ] ACEDRV05 C:\WINDOWS\system32\drivers\ACEDRV05.sys 23:13:47.0406 57420 ACEDRV05 - ok 23:13:47.0468 57420 [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07 C:\WINDOWS\system32\drivers\ACEDRV07.sys 23:13:47.0468 57420 ACEDRV07 - ok 23:13:47.0531 57420 [ BD4E8C841716D5F2804CE000CFE61524 ] acedrv09 C:\WINDOWS\system32\drivers\acedrv09.sys 23:13:47.0546 57420 acedrv09 - ok 23:13:47.0578 57420 [ B253D403CF527FF11921CEEE193EF465 ] acedrv10 C:\WINDOWS\system32\drivers\acedrv10.sys 23:13:47.0593 57420 acedrv10 - ok 23:13:47.0625 57420 [ 7B19E528F2F40524E2C40F754A571EB8 ] acehlp09 C:\WINDOWS\system32\drivers\acehlp09.sys 23:13:47.0625 57420 acehlp09 - ok 23:13:47.0671 57420 [ 77507733DC5E2953960C88DA59A5C94B ] acehlp10 C:\WINDOWS\system32\drivers\acehlp10.sys 23:13:47.0671 57420 acehlp10 - ok 23:13:47.0687 57420 [ AC407F1A62C3A300B4F2B5A9F1D55B2C ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys 23:13:47.0687 57420 ACPI - ok 23:13:47.0703 57420 [ 9E1CA3160DAFB159CA14F83B1E317F75 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys 23:13:47.0703 57420 ACPIEC - ok 23:13:47.0750 57420 [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:13:47.0750 57420 AdobeFlashPlayerUpdateSvc - ok 23:13:47.0781 57420 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys 23:13:47.0781 57420 adpu160m - ok 23:13:47.0828 57420 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys 
23:13:47.0828 57420 aec - ok 23:13:47.0843 57420 [ F21D5E93A94514BE9F5B6EBF74A696B2 ] AESTAud C:\WINDOWS\system32\drivers\AESTAud.sys 23:13:47.0843 57420 AESTAud - ok 23:13:47.0921 57420 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys 23:13:47.0921 57420 AFD - ok 23:13:47.0953 57420 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys 23:13:47.0953 57420 agp440 - ok 23:13:47.0984 57420 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys 23:13:47.0984 57420 agpCPQ - ok 23:13:48.0000 57420 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys 23:13:48.0000 57420 Aha154x - ok 23:13:48.0015 57420 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys 23:13:48.0015 57420 aic78u2 - ok 23:13:48.0031 57420 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys 23:13:48.0031 57420 aic78xx - ok 23:13:48.0078 57420 [ 738D80CC01D7BC7584BE917B7F544394 ] Alerter C:\WINDOWS\system32\alrsvc.dll 23:13:48.0078 57420 Alerter - ok 23:13:48.0109 57420 [ 190CD73D4984F94D823F9444980513E5 ] ALG C:\WINDOWS\System32\alg.exe 23:13:48.0125 57420 ALG - ok 23:13:48.0156 57420 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys 23:13:48.0156 57420 AliIde - ok 23:13:48.0187 57420 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys 23:13:48.0187 57420 alim1541 - ok 23:13:48.0203 57420 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys 23:13:48.0203 57420 amdagp - ok 23:13:48.0218 57420 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys 23:13:48.0218 57420 amsint - ok 23:13:48.0281 57420 [ FB7C669774FFCACD77B5969EE5D9A19B ] ApfiltrService C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 23:13:48.0296 57420 ApfiltrService - ok 23:13:48.0437 57420 [ 5AA788D5A2C6737BB9C45933985BC1B8 ] Apple Mobile Device 
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:13:48.0437 57420 Apple Mobile Device - ok 23:13:48.0468 57420 [ D45960BE52C3C610D361977057F98C54 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll 23:13:48.0468 57420 AppMgmt - ok 23:13:48.0500 57420 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys 23:13:48.0500 57420 Arp1394 - ok 23:13:48.0531 57420 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys 23:13:48.0546 57420 asc - ok 23:13:48.0546 57420 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys 23:13:48.0546 57420 asc3350p - ok 23:13:48.0562 57420 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys 23:13:48.0562 57420 asc3550 - ok 23:13:48.0656 57420 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 23:13:48.0656 57420 aspnet_state - ok 23:13:48.0687 57420 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys 23:13:48.0687 57420 AsyncMac - ok 23:13:48.0734 57420 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys 23:13:48.0734 57420 atapi - ok 23:13:48.0734 57420 Atdisk - ok 23:13:48.0750 57420 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys 23:13:48.0765 57420 Atmarpc - ok 23:13:48.0796 57420 [ 58ED0D5452DF7BE732193E7999C6B9A4 ] AudioSrv C:\WINDOWS\System32\audiosrv.dll 23:13:48.0796 57420 AudioSrv - ok 23:13:48.0812 57420 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys 23:13:48.0812 57420 audstub - ok 23:13:48.0875 57420 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaudio C:\WINDOWS\system32\DRIVERS\avmaudio.sys 23:13:48.0890 57420 avmaudio - ok 23:13:48.0921 57420 [ 728C4A6C722535C16D1025F51AA31E22 ] avmaura C:\WINDOWS\system32\DRIVERS\avmaura.sys 23:13:48.0937 57420 avmaura - ok 23:13:48.0984 57420 [ 
1AC201DB648829A11FFDEB14CE3F3D5D ] avmidentd C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe 23:13:48.0984 57420 avmidentd - ok 23:13:49.0046 57420 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys 23:13:49.0046 57420 Beep - ok 23:13:49.0125 57420 [ D6F603772A789BB3228F310D650B8BD1 ] BITS C:\WINDOWS\system32\qmgr.dll 23:13:49.0140 57420 BITS - ok 23:13:49.0203 57420 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Programme\Bonjour\mDNSResponder.exe 23:13:49.0218 57420 Bonjour Service - ok 23:13:49.0281 57420 [ B71549F23736ADF83A571061C47777FD ] Browser C:\WINDOWS\System32\browser.dll 23:13:49.0281 57420 Browser - ok 23:13:49.0359 57420 [ ECDC40CC54603C711E1A7A1C9255184A ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys 23:13:49.0375 57420 btaudio - ok 23:13:49.0406 57420 [ 58A49BD10E08D3D4333A60DEDCB1CED8 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys 23:13:49.0406 57420 BTDriver - ok 23:13:49.0453 57420 [ 885B6D0F826A216EEE4C3AD883809012 ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys 23:13:49.0500 57420 BTKRNL - ok 23:13:49.0578 57420 [ 467BC618DEBA4F8DB5A1A5E87510C335 ] btwdins C:\Programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe 23:13:49.0593 57420 btwdins - ok 23:13:49.0625 57420 [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys 23:13:49.0625 57420 BTWDNDIS - ok 23:13:49.0640 57420 [ E48668B4A6A5CF68B33AECAD18EE8E1E ] btwhid C:\WINDOWS\system32\DRIVERS\btwhid.sys 23:13:49.0656 57420 btwhid - ok 23:13:49.0671 57420 [ 8BCD7BFE9C70A8FF7444263435B18AA1 ] btwmodem C:\WINDOWS\system32\DRIVERS\btwmodem.sys 23:13:49.0671 57420 btwmodem - ok 23:13:49.0718 57420 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys 23:13:49.0718 57420 BTWUSB - ok 23:13:49.0765 57420 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys 23:13:49.0765 57420 cbidf - ok 23:13:49.0765 57420 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k 
C:\WINDOWS\system32\drivers\cbidf2k.sys 23:13:49.0781 57420 cbidf2k - ok 23:13:49.0796 57420 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys 23:13:49.0796 57420 CCDECODE - ok 23:13:49.0812 57420 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys 23:13:49.0812 57420 cd20xrnt - ok 23:13:49.0859 57420 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys 23:13:49.0859 57420 Cdaudio - ok 23:13:49.0859 57420 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys 23:13:49.0875 57420 Cdfs - ok 23:13:49.0921 57420 [ 4B0A100EAF5C49EF3CCA8C641431EACC ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys 23:13:49.0921 57420 Cdrom - ok 23:13:49.0937 57420 Changer - ok 23:13:50.0000 57420 [ 28E3040D1F1CA2008CD6B29DFEBC9A5E ] CiSvc C:\WINDOWS\system32\cisvc.exe 23:13:50.0000 57420 CiSvc - ok 23:13:50.0015 57420 [ 778A30ED3C134EB7E406AFC407E9997D ] ClipSrv C:\WINDOWS\system32\clipsrv.exe 23:13:50.0015 57420 ClipSrv - ok 23:13:50.0062 57420 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:13:50.0078 57420 clr_optimization_v2.0.50727_32 - ok 23:13:50.0140 57420 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys 23:13:50.0140 57420 CmBatt - ok 23:13:50.0140 57420 [ C687F81290303D90099B027A6474F99F ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys 23:13:50.0140 57420 CmdIde - ok 23:13:50.0156 57420 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys 23:13:50.0156 57420 Compbatt - ok 23:13:50.0171 57420 COMSysApp - ok 23:13:50.0218 57420 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys 23:13:50.0218 57420 Cpqarray - ok 23:13:50.0250 57420 [ 611F824E5C703A5A899F84C5F1699E4D ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll 23:13:50.0265 57420 CryptSvc - ok 23:13:50.0296 57420 [ 
E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys 23:13:50.0296 57420 dac2w2k - ok 23:13:50.0296 57420 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys 23:13:50.0296 57420 dac960nt - ok 23:13:50.0343 57420 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] DcomLaunch C:\WINDOWS\system32\rpcss.dll 23:13:50.0359 57420 DcomLaunch - ok 23:13:50.0421 57420 [ C29A1C9B75BA38FA37F8C44405DEC360 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll 23:13:50.0421 57420 Dhcp - ok 23:13:50.0453 57420 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys 23:13:50.0453 57420 Disk - ok 23:13:50.0468 57420 [ A0500678A33802D8954153839301D539 ] DLABMFSM C:\WINDOWS\system32\Drivers\DLABMFSM.SYS 23:13:50.0468 57420 DLABMFSM - ok 23:13:50.0468 57420 [ B8D2F68CAC54D46281399F9092644794 ] DLABOIOM C:\WINDOWS\system32\Drivers\DLABOIOM.SYS 23:13:50.0468 57420 DLABOIOM - ok 23:13:50.0484 57420 [ 0EE93AB799D1CB4EC90B36F3612FE907 ] DLACDBHM C:\WINDOWS\system32\Drivers\DLACDBHM.SYS 23:13:50.0484 57420 DLACDBHM - ok 23:13:50.0484 57420 [ F8B70D38845C4694B28ADC4768676FD0 ] DLADResM C:\WINDOWS\system32\Drivers\DLADResM.SYS 23:13:50.0484 57420 DLADResM - ok 23:13:50.0484 57420 [ 766A148235BE1C0039C974446E4C0EDC ] DLAIFS_M C:\WINDOWS\system32\Drivers\DLAIFS_M.SYS 23:13:50.0484 57420 DLAIFS_M - ok 23:13:50.0500 57420 [ 38267CCA177354F1C64450A43A4F7627 ] DLAOPIOM C:\WINDOWS\system32\Drivers\DLAOPIOM.SYS 23:13:50.0500 57420 DLAOPIOM - ok 23:13:50.0500 57420 [ FD363369FD313B46B5AEAB1A688B52E9 ] DLAPoolM C:\WINDOWS\system32\Drivers\DLAPoolM.SYS 23:13:50.0500 57420 DLAPoolM - ok 23:13:50.0500 57420 [ 336AE18F0912EF4FBE5518849E004D74 ] DLARTL_M C:\WINDOWS\system32\Drivers\DLARTL_M.SYS 23:13:50.0500 57420 DLARTL_M - ok 23:13:50.0515 57420 [ FD85F682C1CC2A7CA878C7A448E6D87E ] DLAUDFAM C:\WINDOWS\system32\Drivers\DLAUDFAM.SYS 23:13:50.0515 57420 DLAUDFAM - ok 23:13:50.0515 57420 [ AF389CE587B6BF5BBDCD6F6ABE5EABC0 ] DLAUDF_M 
C:\WINDOWS\system32\Drivers\DLAUDF_M.SYS 23:13:50.0515 57420 DLAUDF_M - ok 23:13:50.0515 57420 dmadmin - ok 23:13:50.0609 57420 [ 0DCFC8395A99FECBB1EF771CEC7FE4EA ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys 23:13:50.0625 57420 dmboot - ok 23:13:50.0625 57420 [ 53720AB12B48719D00E327DA470A619A ] dmio C:\WINDOWS\system32\drivers\dmio.sys 23:13:50.0640 57420 dmio - ok 23:13:50.0640 57420 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys 23:13:50.0640 57420 dmload - ok 23:13:50.0656 57420 [ 25C83FFBBA13B554EB6D59A9B2E2EE78 ] dmserver C:\WINDOWS\System32\dmserver.dll 23:13:50.0656 57420 dmserver - ok 23:13:50.0703 57420 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys 23:13:50.0703 57420 DMusic - ok 23:13:50.0765 57420 [ 407F3227AC618FD1CA54B335B083DE07 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll 23:13:50.0765 57420 Dnscache - ok 23:13:50.0796 57420 [ 676E36C4FF5BCEA1900F44182B9723E6 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll 23:13:50.0796 57420 Dot3svc - ok 23:13:50.0828 57420 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys 23:13:50.0828 57420 dpti2o - ok 23:13:50.0875 57420 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys 23:13:50.0875 57420 drmkaud - ok 23:13:50.0937 57420 [ 5D3B71BB2BB0009D65D290E2EF374BD3 ] DRVMCDB C:\WINDOWS\system32\Drivers\DRVMCDB.SYS 23:13:50.0953 57420 DRVMCDB - ok 23:13:51.0000 57420 [ C591BA9F96F40A1FD6494DAFDCD17185 ] DRVNDDM C:\WINDOWS\system32\Drivers\DRVNDDM.SYS 23:13:51.0015 57420 DRVNDDM - ok 23:13:51.0031 57420 [ 4E4F2FDDAB0A0736D7671134DCCE91FB ] EapHost C:\WINDOWS\System32\eapsvc.dll 23:13:51.0046 57420 EapHost - ok 23:13:51.0078 57420 [ 877C18558D70587AA7823A1A308AC96B ] ERSvc C:\WINDOWS\System32\ersvc.dll 23:13:51.0078 57420 ERSvc - ok 23:13:51.0125 57420 [ A3EDBE9053889FB24AB22492472B39DC ] Eventlog C:\WINDOWS\system32\services.exe 23:13:51.0125 57420 Eventlog - ok 23:13:51.0203 57420 [ 
AF4F6B5739D18CA7972AB53E091CBC74 ] EventSystem C:\WINDOWS\system32\es.dll 23:13:51.0203 57420 EventSystem - ok 23:13:51.0390 57420 [ 2D41D7250F73272946DE04FF7A19761E ] EvtEng C:\Programme\Intel\WiFi\bin\EvtEng.exe 23:13:51.0421 57420 EvtEng - ok 23:13:51.0578 57420 [ 7CE0422451C4B05A14B642680F525C69 ] F-Secure Gatekeeper C:\Programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys 23:13:51.0578 57420 F-Secure Gatekeeper - ok 23:13:51.0640 57420 [ 2346842F07E2AB64D1DC83A67FCCDFA1 ] F-Secure Gatekeeper Handler Starter C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe 23:13:51.0640 57420 F-Secure Gatekeeper Handler Starter - ok 23:13:51.0765 57420 [ DC0720248DC4D1F303DF94CCC3ADFF96 ] F-Secure HIPS C:\Programme\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys 23:13:51.0765 57420 F-Secure HIPS - ok 23:13:51.0828 57420 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys 23:13:51.0828 57420 Fastfat - ok 23:13:51.0890 57420 [ 2DB7D303C36DDD055215052F118E8E75 ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll 23:13:51.0890 57420 FastUserSwitchingCompatibility - ok 23:13:51.0937 57420 [ 08B8B302AF0D1B3B8543429BBAC8F21F ] Fax C:\WINDOWS\system32\fxssvc.exe 23:13:51.0953 57420 Fax - ok 23:13:51.0953 57420 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\drivers\Fdc.sys 23:13:51.0953 57420 Fdc - ok 23:13:51.0968 57420 [ B0678A548587C5F1967B0D70BACAD6C1 ] Fips C:\WINDOWS\system32\drivers\Fips.sys 23:13:51.0968 57420 Fips - ok 23:13:51.0968 57420 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys 23:13:51.0968 57420 Flpydisk - ok 23:13:51.0984 57420 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys 23:13:51.0984 57420 FltMgr - ok 23:13:52.0109 57420 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe 23:13:52.0109 57420 FontCache3.0.0.0 - ok 23:13:52.0125 57420 [ 
18DA737DD5122A475DA4948ED4643675 ] fsbts C:\WINDOWS\system32\Drivers\fsbts.sys 23:13:52.0125 57420 fsbts - ok 23:13:52.0187 57420 [ 7CD27E80DFD22F02FBDA47B706ABA0F2 ] FSDFWD C:\Programme\M-net\Sicherheitspaket\FWES\Program\fsdfwd.exe 23:13:52.0203 57420 FSDFWD - ok 23:13:52.0265 57420 [ FE5918F5C839F7BBF74FB91743DD4262 ] FSFW C:\WINDOWS\system32\drivers\fsdfw.sys 23:13:52.0265 57420 FSFW - ok 23:13:52.0375 57420 [ 8A556A81E9FF95BD9EB7207783E8FCF4 ] FSMA C:\Programme\M-net\Sicherheitspaket\Common\FSMA32.EXE 23:13:52.0375 57420 FSMA - ok 23:13:52.0390 57420 [ 42AEF6A385354ACA65FC210CE7CE4D7C ] FSORSPClient C:\Programme\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe 23:13:52.0390 57420 FSORSPClient - ok 23:13:52.0437 57420 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys 23:13:52.0437 57420 Fs_Rec - ok 23:13:52.0484 57420 [ 8F1955CE42E1484714B542F341647778 ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys 23:13:52.0500 57420 Ftdisk - ok 23:13:52.0578 57420 [ 5AE3A887ECE5BBB72CFAB273C2FD1CFA ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 23:13:52.0578 57420 GEARAspiWDM - ok 23:13:52.0640 57420 [ 499B5DE36D1A4EBF7EE7DAAF9CC29F30 ] GemCCID C:\WINDOWS\system32\Drivers\GemCCID.sys 23:13:52.0640 57420 GemCCID - ok 23:13:52.0671 57420 [ 007AEA2E06E7CEF7372E40C277163959 ] ggflt C:\WINDOWS\system32\DRIVERS\ggflt.sys 23:13:52.0671 57420 ggflt - ok 23:13:52.0703 57420 [ C73DE35960CA75C5AB4AE636B127C64E ] ggsemc C:\WINDOWS\system32\DRIVERS\ggsemc.sys 23:13:52.0703 57420 ggsemc - ok 23:13:52.0734 57420 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys 23:13:52.0734 57420 Gpc - ok 23:13:52.0781 57420 [ 6003BC70F1A8307262BD3C941BDA0B7E ] grmnusb C:\WINDOWS\system32\drivers\grmnusb.sys 23:13:52.0796 57420 grmnusb - ok 23:13:52.0890 57420 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Programme\Google\Update\GoogleUpdate.exe 23:13:52.0890 57420 gupdate - ok 23:13:52.0906 57420 [ F02A533F517EB38333CB12A9E8963773 ] 
gupdatem C:\Programme\Google\Update\GoogleUpdate.exe 23:13:52.0906 57420 gupdatem - ok 23:13:52.0921 57420 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 23:13:52.0921 57420 HDAudBus - ok 23:13:53.0062 57420 [ CB66BF85BF599BEFD6C6A57C2E20357F ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll 23:13:53.0078 57420 helpsvc - ok 23:13:53.0125 57420 [ B35DA85E60C0103F2E4104532DA2F12B ] HidServ C:\WINDOWS\System32\hidserv.dll 23:13:53.0140 57420 HidServ - ok 23:13:53.0171 57420 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] hidusb C:\WINDOWS\system32\DRIVERS\hidusb.sys 23:13:53.0187 57420 hidusb - ok 23:13:53.0250 57420 [ ED29F14101523A6E0E808107405D452C ] hkmsvc C:\WINDOWS\System32\kmsvc.dll 23:13:53.0250 57420 hkmsvc - ok 23:13:53.0250 57420 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys 23:13:53.0250 57420 hpn - ok 23:13:53.0296 57420 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys 23:13:53.0296 57420 HTTP - ok 23:13:53.0375 57420 [ 9E4ADB854CEBCFB81A4B36718FEECD16 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll 23:13:53.0375 57420 HTTPFilter - ok 23:13:53.0437 57420 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys 23:13:53.0437 57420 i2omgmt - ok 23:13:53.0484 57420 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys 23:13:53.0484 57420 i2omp - ok 23:13:53.0531 57420 [ E283B97CFBEB86C1D86BAED5F7846A92 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys 23:13:53.0531 57420 i8042prt - ok 23:13:53.0609 57420 [ BAABB0301949774A66B955C65319635A ] iaStor C:\WINDOWS\system32\drivers\iaStor.sys 23:13:53.0609 57420 iaStor - ok 23:13:53.0734 57420 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe 23:13:53.0734 57420 IDriverT - ok 23:13:53.0843 57420 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows 
Communication Foundation\infocard.exe 23:13:53.0859 57420 idsvc - ok 23:13:53.0984 57420 [ E28602C9E17B0DDCE9F5DEB3B3E2A635 ] IGDCTRL C:\Programme\FRITZ!DSL\IGDCTRL.EXE 23:13:53.0984 57420 IGDCTRL - ok 23:13:54.0000 57420 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys 23:13:54.0000 57420 Imapi - ok 23:13:54.0078 57420 [ D4B413AA210C21E46AEDD2BA5B68D38E ] ImapiService C:\WINDOWS\system32\imapi.exe 23:13:54.0078 57420 ImapiService - ok 23:13:54.0093 57420 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys 23:13:54.0093 57420 ini910u - ok 23:13:54.0109 57420 [ 69C4E3C9E67A1F103B94E14FDD5F3213 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys 23:13:54.0109 57420 IntelIde - ok 23:13:54.0171 57420 [ 4C7D2750158ED6E7AD642D97BFFAE351 ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys 23:13:54.0171 57420 intelppm - ok 23:13:54.0203 57420 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys 23:13:54.0203 57420 Ip6Fw - ok 23:13:54.0218 57420 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 23:13:54.0218 57420 IpFilterDriver - ok 23:13:54.0234 57420 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys 23:13:54.0234 57420 IpInIp - ok 23:13:54.0265 57420 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys 23:13:54.0265 57420 IpNat - ok 23:13:54.0359 57420 [ 8E5E5A8CC84DA3F683E3BBC045138D52 ] iPod Service C:\Programme\iPod\bin\iPodService.exe 23:13:54.0375 57420 iPod Service - ok 23:13:54.0390 57420 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys 23:13:54.0390 57420 IPSec - ok 23:13:54.0390 57420 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys 23:13:54.0390 57420 IRENUM - ok 23:13:54.0468 57420 [ 6DFB88F64135C525433E87648BDA30DE ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys 23:13:54.0468 57420 isapnp - ok 
23:13:54.0593 57420 [ 1758AF653723679E3746FC7DDD93C69B ] JavaQuickStarterService C:\Programme\Java\jre7\bin\jqs.exe 23:13:54.0593 57420 JavaQuickStarterService - ok 23:13:54.0609 57420 [ 1704D8C4C8807B889E43C649B478A452 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys 23:13:54.0609 57420 Kbdclass - ok 23:13:54.0609 57420 [ B6D6C117D771C98130497265F26D1882 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys 23:13:54.0609 57420 kbdhid - ok 23:13:54.0671 57420 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys 23:13:54.0671 57420 kmixer - ok 23:13:54.0750 57420 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys 23:13:54.0750 57420 KSecDD - ok 23:13:54.0796 57420 [ 2BBDCB79900990F0716DFCB714E72DE7 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll 23:13:54.0796 57420 LanmanServer - ok 23:13:54.0875 57420 [ 1869B14B06B44B44AF70548E1EA3303F ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll 23:13:54.0875 57420 lanmanworkstation - ok 23:13:54.0875 57420 lbrtfdc - ok 23:13:54.0968 57420 [ 636714B7D43C8D0C80449123FD266920 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll 23:13:54.0968 57420 LmHosts - ok 23:13:55.0093 57420 [ 1BDB34A492109198CAB0575F2743BE70 ] Maxtor Sync Service C:\Programme\Maxtor\Sync\SyncServices.exe 23:13:55.0109 57420 Maxtor Sync Service - ok 23:13:55.0140 57420 [ 4A5FFDF0FE830C448830BD4B02B02B4B ] mbamchameleon C:\WINDOWS\system32\drivers\mbamchameleon.sys 23:13:55.0140 57420 mbamchameleon - ok 23:13:55.0218 57420 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe 23:13:55.0234 57420 McComponentHostService - ok 23:13:55.0265 57420 [ B7550A7107281D170CE85524B1488C98 ] Messenger C:\WINDOWS\System32\msgsvc.dll 23:13:55.0281 57420 Messenger - ok 23:13:55.0281 57420 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys 23:13:55.0281 57420 mnmdd - ok 23:13:55.0296 57420 [ C2F1D365FD96791B037EE504868065D3 ] mnmsrvc 
C:\WINDOWS\system32\mnmsrvc.exe 23:13:55.0296 57420 mnmsrvc - ok 23:13:55.0312 57420 [ 6FB74EBD4EC57A6F1781DE3852CC3362 ] Modem C:\WINDOWS\system32\drivers\Modem.sys 23:13:55.0312 57420 Modem - ok 23:13:55.0343 57420 [ B24CE8005DEAB254C0251E15CB71D802 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys 23:13:55.0343 57420 Mouclass - ok 23:13:55.0359 57420 [ 66A6F73C74E1791464160A7065CE711A ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys 23:13:55.0359 57420 mouhid - ok 23:13:55.0359 57420 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys 23:13:55.0359 57420 MountMgr - ok 23:13:55.0437 57420 [ 730A519505621DF46BCBF9CDAC9FB6AD ] MozillaMaintenance C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe 23:13:55.0437 57420 MozillaMaintenance - ok 23:13:55.0468 57420 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys 23:13:55.0468 57420 mraid35x - ok 23:13:55.0515 57420 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys 23:13:55.0515 57420 MRxDAV - ok 23:13:55.0625 57420 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 23:13:55.0718 57420 MRxSmb - ok 23:13:55.0734 57420 [ 35A031AF38C55F92D28AA03EE9F12CC9 ] MSDTC C:\WINDOWS\system32\msdtc.exe 23:13:55.0750 57420 MSDTC - ok 23:13:55.0750 57420 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys 23:13:55.0750 57420 Msfs - ok 23:13:55.0765 57420 MSIServer - ok 23:13:55.0796 57420 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys 23:13:55.0796 57420 MSKSSRV - ok 23:13:55.0812 57420 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys 23:13:55.0812 57420 MSPCLOCK - ok 23:13:55.0828 57420 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys 23:13:55.0843 57420 MSPQM - ok 23:13:55.0875 57420 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios 
C:\WINDOWS\system32\DRIVERS\mssmbios.sys 23:13:55.0875 57420 mssmbios - ok 23:13:55.0906 57420 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys 23:13:55.0921 57420 MSTEE - ok 23:13:55.0937 57420 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys 23:13:55.0937 57420 Mup - ok 23:13:55.0968 57420 [ 216AC775320F64DE28CFEB7C179C4FF9 ] MXOPSWD C:\WINDOWS\system32\DRIVERS\mxopswd.sys 23:13:55.0968 57420 MXOPSWD - ok 23:13:56.0000 57420 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys 23:13:56.0000 57420 NABTSFEC - ok 23:13:56.0046 57420 [ 46BB15AE2AC7D025D6D2567B876817BD ] napagent C:\WINDOWS\System32\qagentrt.dll 23:13:56.0046 57420 napagent - ok 23:13:56.0093 57420 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys 23:13:56.0093 57420 NDIS - ok 23:13:56.0125 57420 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys 23:13:56.0125 57420 NdisIP - ok 23:13:56.0171 57420 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys 23:13:56.0171 57420 NdisTapi - ok 23:13:56.0250 57420 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys 23:13:56.0250 57420 Ndisuio - ok 23:13:56.0265 57420 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys 23:13:56.0265 57420 NdisWan - ok 23:13:56.0328 57420 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys 23:13:56.0328 57420 NDProxy - ok 23:13:56.0328 57420 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys 23:13:56.0343 57420 NetBIOS - ok 23:13:56.0359 57420 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys 23:13:56.0359 57420 NetBT - ok 23:13:56.0390 57420 [ 8ACE4251BFFD09CE75679FE940E996CC ] NetDDE C:\WINDOWS\system32\netdde.exe 23:13:56.0406 57420 NetDDE - ok 23:13:56.0406 57420 [ 
8ACE4251BFFD09CE75679FE940E996CC ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe 23:13:56.0421 57420 NetDDEdsdm - ok 23:13:56.0484 57420 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] Netlogon C:\WINDOWS\system32\lsass.exe 23:13:56.0484 57420 Netlogon - ok 23:13:56.0578 57420 [ E6D88F1F6745BF00B57E7855A2AB696C ] Netman C:\WINDOWS\System32\netman.dll 23:13:56.0593 57420 Netman - ok 23:13:56.0625 57420 [ D34612C5D02D026535B3095D620626AE ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 23:13:56.0640 57420 NetTcpPortSharing - ok 23:13:56.0812 57420 [ CFE1981A47A2F7650A1EF8917DC4D1C3 ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 23:13:56.0937 57420 NETw5x32 - ok 23:13:56.0968 57420 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys 23:13:56.0968 57420 NIC1394 - ok 23:13:57.0046 57420 [ F1B67B6B0751AE0E6E964B02821206A3 ] Nla C:\WINDOWS\System32\mswsock.dll 23:13:57.0046 57420 Nla - ok 23:13:57.0062 57420 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys 23:13:57.0062 57420 Npfs - ok 23:13:57.0140 57420 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys 23:13:57.0156 57420 Ntfs - ok 23:13:57.0156 57420 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] NtLmSsp C:\WINDOWS\system32\lsass.exe 23:13:57.0156 57420 NtLmSsp - ok 23:13:57.0187 57420 [ 56AF4064996FA5BAC9C449B1514B4770 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll 23:13:57.0203 57420 NtmsSvc - ok 23:13:57.0234 57420 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys 23:13:57.0234 57420 Null - ok 23:13:57.0281 57420 [ 3E42D186CB5371E8CCD9044318A8F3DC ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 23:13:57.0453 57420 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\nv4_mini.sys. 
Real md5: 3E42D186CB5371E8CCD9044318A8F3DC, Fake md5: CDCB9F156BD6722369A7E8ECFB9202A3 23:13:57.0468 57420 nv ( ForgedFile.Multi.Generic ) - warning 23:13:57.0468 57420 nv - detected ForgedFile.Multi.Generic (1) 23:13:57.0484 57420 [ 2248C3703454BB72FCBEC9E90437F93E ] NVSvc C:\WINDOWS\system32\nvsvc32.exe 23:13:57.0484 57420 NVSvc - ok 23:13:57.0531 57420 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 23:13:57.0531 57420 NwlnkFlt - ok 23:13:57.0562 57420 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 23:13:57.0562 57420 NwlnkFwd - ok 23:13:57.0609 57420 [ F9BEED56D7FCDBD4924AC1E628261882 ] O2FLASH C:\WINDOWS\system32\DRIVERS\o2flash.exe 23:13:57.0609 57420 O2FLASH - ok 23:13:57.0640 57420 [ 4F8D4B1233AF48B30F4FDC76A8865CFA ] O2MDGRDR C:\WINDOWS\system32\DRIVERS\o2mdg.sys 23:13:57.0640 57420 O2MDGRDR - ok 23:13:57.0703 57420 [ 928B7612B65E82D68D489A1474C98B37 ] O2SDGRDR C:\WINDOWS\system32\DRIVERS\o2sdg.sys 23:13:57.0703 57420 O2SDGRDR - ok 23:13:57.0828 57420 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE 23:13:57.0843 57420 odserv - ok 23:13:57.0859 57420 [ 58F478FD0115012CEEC75FB73628901C ] OEM13Afx C:\WINDOWS\system32\Drivers\OEM13Afx.sys 23:13:57.0859 57420 OEM13Afx - ok 23:13:57.0921 57420 [ 86326062A90494BDD79CE383511D7D69 ] OEM13Vfx C:\WINDOWS\system32\DRIVERS\OEM13Vfx.sys 23:13:57.0921 57420 OEM13Vfx - ok 23:13:58.0015 57420 [ 12539B57ED05DE7552403A12B3E0161C ] OEM13Vid C:\WINDOWS\system32\DRIVERS\OEM13Vid.sys 23:13:58.0015 57420 OEM13Vid - ok 23:13:58.0109 57420 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys 23:13:58.0109 57420 ohci1394 - ok 23:13:58.0156 57420 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE 23:13:58.0156 57420 ose - ok 23:13:58.0203 57420 [ F84785660305B9B903FB3BCA8BA29837 ] Parport 
C:\WINDOWS\system32\drivers\Parport.sys 23:13:58.0203 57420 Parport - ok 23:13:58.0203 57420 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys 23:13:58.0203 57420 PartMgr - ok 23:13:58.0218 57420 [ C2BF987829099A3EAA2CA6A0A90ECB4F ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys 23:13:58.0218 57420 ParVdm - ok 23:13:58.0250 57420 [ 387E8DEDC343AA2D1EFBC30580273ACD ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys 23:13:58.0265 57420 PCI - ok 23:13:58.0265 57420 PCIDump - ok 23:13:58.0296 57420 [ 59BA86D9A61CBCF4DF8E598C331F5B82 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys 23:13:58.0296 57420 PCIIde - ok 23:13:58.0312 57420 [ A2A966B77D61847D61A3051DF87C8C97 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys 23:13:58.0312 57420 Pcmcia - ok 23:13:58.0328 57420 PDCOMP - ok 23:13:58.0328 57420 PDFRAME - ok 23:13:58.0343 57420 PDRELI - ok 23:13:58.0359 57420 PDRFRAME - ok 23:13:58.0390 57420 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys 23:13:58.0390 57420 perc2 - ok 23:13:58.0390 57420 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys 23:13:58.0390 57420 perc2hib - ok 23:13:58.0437 57420 [ A3EDBE9053889FB24AB22492472B39DC ] PlugPlay C:\WINDOWS\system32\services.exe 23:13:58.0437 57420 PlugPlay - ok 23:13:58.0437 57420 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] PolicyAgent C:\WINDOWS\system32\lsass.exe 23:13:58.0437 57420 PolicyAgent - ok 23:13:58.0453 57420 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys 23:13:58.0453 57420 PptpMiniport - ok 23:13:58.0531 57420 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe 23:13:58.0531 57420 ProtectedStorage - ok 23:13:58.0531 57420 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys 23:13:58.0531 57420 PSched - ok 23:13:58.0546 57420 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys 23:13:58.0546 
57420 Ptilink - ok 23:13:58.0593 57420 [ 49452BFCEC22F36A7A9B9C2181BC3042 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys 23:13:58.0593 57420 PxHelp20 - ok 23:13:58.0593 57420 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys 23:13:58.0593 57420 ql1080 - ok 23:13:58.0593 57420 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 23:13:58.0593 57420 Ql10wnt - ok 23:13:58.0609 57420 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys 23:13:58.0609 57420 ql12160 - ok 23:13:58.0609 57420 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys 23:13:58.0609 57420 ql1240 - ok 23:13:58.0609 57420 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys 23:13:58.0609 57420 ql1280 - ok 23:13:58.0609 57420 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys 23:13:58.0609 57420 RasAcd - ok 23:13:58.0640 57420 [ F5BA6CACCDB66C8F048E867563203246 ] RasAuto C:\WINDOWS\System32\rasauto.dll 23:13:58.0640 57420 RasAuto - ok 23:13:58.0703 57420 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 23:13:58.0703 57420 Rasl2tp - ok 23:13:58.0796 57420 [ F9A7B66EA345726EDB5862A46B1ECCD5 ] RasMan C:\WINDOWS\System32\rasmans.dll 23:13:58.0812 57420 RasMan - ok 23:13:58.0812 57420 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys 23:13:58.0812 57420 RasPppoe - ok 23:13:58.0890 57420 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys 23:13:58.0906 57420 Raspti - ok 23:13:58.0968 57420 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys 23:13:58.0968 57420 Rdbss - ok 23:13:58.0968 57420 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 23:13:58.0968 57420 RDPCDD - ok 23:13:58.0984 57420 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr 
C:\WINDOWS\system32\DRIVERS\rdpdr.sys 23:13:58.0984 57420 rdpdr - ok 23:13:59.0046 57420 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys 23:13:59.0046 57420 RDPWD - ok 23:13:59.0062 57420 [ 263AF18AF0F3DB99F574C95F284CCEC9 ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe 23:13:59.0062 57420 RDSessMgr - ok 23:13:59.0093 57420 [ ED761D453856F795A7FE056E42C36365 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys 23:13:59.0093 57420 redbook - ok 23:13:59.0234 57420 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe 23:13:59.0234 57420 RegSrvc - ok 23:13:59.0265 57420 [ 0E97EC96D6942CEEC2D188CC2EB69A01 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll 23:13:59.0265 57420 RemoteAccess - ok 23:13:59.0281 57420 [ E4CD1F3D84E1C2CA0B8CF7501E201593 ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll 23:13:59.0281 57420 RemoteRegistry - ok 23:13:59.0328 57420 [ 2A02E21867497DF20B8FC95631395169 ] RpcLocator C:\WINDOWS\system32\locator.exe 23:13:59.0328 57420 RpcLocator - ok 23:13:59.0359 57420 [ 3127AFBF2C1ED0AB14A1BBB7AAECB85B ] RpcSs C:\WINDOWS\system32\rpcss.dll 23:13:59.0375 57420 RpcSs - ok 23:13:59.0390 57420 [ 4BDD71B4B521521499DFD14735C4F398 ] RSVP C:\WINDOWS\system32\rsvp.exe 23:13:59.0390 57420 RSVP - ok 23:13:59.0453 57420 [ 6E7470477D08F6E47E91016D6A1C5A5F ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys 23:13:59.0453 57420 RTLE8023xp - ok 23:13:59.0531 57420 [ D7F1F8D85F31CBB74442EC30177885CC ] S24EventMonitor C:\Programme\Intel\WiFi\bin\S24EvMon.exe 23:13:59.0562 57420 S24EventMonitor - ok 23:13:59.0578 57420 [ 1F950F97DBF5E0BA4FBBFAF074D3B47C ] s24trans C:\WINDOWS\system32\DRIVERS\s24trans.sys 23:13:59.0578 57420 s24trans - ok 23:13:59.0640 57420 [ AFB8261B56CBA0D86AEB6DF682AF9785 ] SamSs C:\WINDOWS\system32\lsass.exe 23:13:59.0640 57420 SamSs - ok 23:13:59.0671 57420 [ DCEC079FAD95D36C8DD5CB6D779DFE32 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe 23:13:59.0671 57420 SCardSvr - ok 
23:13:59.0765 57420 [ A050194A44D7FA8D7186ED2F4E8367AE ] Schedule C:\WINDOWS\system32\schedsvc.dll 23:13:59.0781 57420 Schedule - ok 23:13:59.0828 57420 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys 23:13:59.0828 57420 sdbus - ok 23:13:59.0968 57420 [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe 23:13:59.0968 57420 SeaPort - ok 23:14:00.0000 57420 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys 23:14:00.0000 57420 Secdrv - ok 23:14:00.0078 57420 [ BEE4CFD1D48C23B44CF4B974B0B79B2B ] seclogon C:\WINDOWS\System32\seclogon.dll 23:14:00.0093 57420 seclogon - ok 23:14:00.0156 57420 [ E5B56569A9F79B70314FEDE6C953641E ] seehcri C:\WINDOWS\system32\DRIVERS\seehcri.sys 23:14:00.0156 57420 seehcri - ok 23:14:00.0218 57420 [ 2AAC9B6ED9EDDFFB721D6452E34D67E3 ] SENS C:\WINDOWS\system32\sens.dll 23:14:00.0218 57420 SENS - ok 23:14:00.0265 57420 [ CF24EB4F0412C82BCD1F4F35A025E31D ] Serial C:\WINDOWS\system32\drivers\Serial.sys 23:14:00.0265 57420 Serial - ok 23:14:00.0359 57420 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys 23:14:00.0359 57420 Sfloppy - ok 23:14:00.0468 57420 [ CAD058D5F8B889A87CA3EB3CF624DCEF ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll 23:14:00.0484 57420 SharedAccess - ok 23:14:00.0484 57420 [ 2DB7D303C36DDD055215052F118E8E75 ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll 23:14:00.0484 57420 ShellHWDetection - ok 23:14:00.0500 57420 Simbad - ok 23:14:00.0531 57420 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys 23:14:00.0531 57420 sisagp - ok 23:14:00.0593 57420 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Programme\Skype\Updater\Updater.exe 23:14:00.0593 57420 SkypeUpdate - ok 23:14:00.0640 57420 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys 23:14:00.0640 57420 SLIP - ok 23:14:00.0671 57420 [ 
83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys 23:14:00.0671 57420 Sparrow - ok 23:14:00.0750 57420 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys 23:14:00.0750 57420 splitter - ok 23:14:00.0843 57420 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe 23:14:00.0859 57420 Spooler - ok 23:14:00.0859 57420 sprtsvc_dellsupportcenter - ok 23:14:00.0875 57420 [ 50FA898F8C032796D3B1B9951BB5A90F ] sr C:\WINDOWS\system32\DRIVERS\sr.sys 23:14:00.0875 57420 sr - ok 23:14:00.0890 57420 [ FE77A85495065F3AD59C5C65B6C54182 ] srservice C:\WINDOWS\system32\srsvc.dll 23:14:00.0890 57420 srservice - ok 23:14:01.0000 57420 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys 23:14:01.0046 57420 Srv - ok 23:14:01.0046 57420 [ 4DF5B05DFAEC29E13E1ED6F6EE12C500 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll 23:14:01.0046 57420 SSDPSRV - ok 23:14:01.0109 57420 [ B9E31F2A3640403B0EA3A867BB73B9F4 ] SSHDRV86 C:\WINDOWS\system32\drivers\SSHDRV86.sys 23:14:01.0109 57420 SSHDRV86 - ok 23:14:01.0171 57420 [ 66D1DA9E353E4E95ECBA28026FE13722 ] STacSV c:\drivers\audio\r211990\stacsv.exe 23:14:01.0187 57420 STacSV - ok 23:14:01.0296 57420 [ 5849F5D472A676ACE7224FC2C656F4B2 ] STHDA C:\WINDOWS\system32\drivers\sthda.sys 23:14:01.0328 57420 STHDA - ok 23:14:01.0359 57420 [ A2DBCC4C8860449DF1AB758EA28B4DE0 ] StillCam C:\WINDOWS\system32\DRIVERS\serscan.sys 23:14:01.0359 57420 StillCam - ok 23:14:01.0406 57420 [ BC2C5985611C5356B24AEB370953DED9 ] stisvc C:\WINDOWS\system32\wiaservc.dll 23:14:01.0406 57420 stisvc - ok 23:14:01.0437 57420 [ DE3E7A2345EBAA3CE8E6957DFB55FB15 ] stllssvr C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe 23:14:01.0437 57420 stllssvr - ok 23:14:01.0484 57420 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys 23:14:01.0484 57420 streamip - ok 23:14:01.0546 57420 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum 
C:\WINDOWS\system32\DRIVERS\swenum.sys 23:14:01.0546 57420 swenum - ok 23:14:01.0656 57420 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys 23:14:01.0656 57420 swmidi - ok 23:14:01.0656 57420 SwPrv - ok 23:14:01.0734 57420 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys 23:14:01.0734 57420 symc810 - ok 23:14:01.0781 57420 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys 23:14:01.0781 57420 symc8xx - ok 23:14:01.0812 57420 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys 23:14:01.0812 57420 sym_hi - ok 23:14:01.0828 57420 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys 23:14:01.0828 57420 sym_u3 - ok 23:14:01.0859 57420 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys 23:14:01.0859 57420 sysaudio - ok 23:14:01.0906 57420 [ 2903FFFA2523926D6219428040DCE6B9 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe 23:14:01.0906 57420 SysmonLog - ok 23:14:02.0015 57420 [ 05903CAC4B98908D55EA5774775B382E ] TapiSrv C:\WINDOWS\System32\tapisrv.dll 23:14:02.0093 57420 TapiSrv - ok 23:14:02.0156 57420 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys 23:14:02.0156 57420 Tcpip - ok 23:14:02.0187 57420 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys 23:14:02.0203 57420 TDPIPE - ok 23:14:02.0250 57420 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys 23:14:02.0250 57420 TDTCP - ok 23:14:02.0312 57420 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys 23:14:02.0312 57420 TermDD - ok 23:14:02.0390 57420 [ B7DE02C863D8F5A005A7BF375375A6A4 ] TermService C:\WINDOWS\System32\termsrv.dll 23:14:02.0406 57420 TermService - ok 23:14:02.0437 57420 [ 2DB7D303C36DDD055215052F118E8E75 ] Themes C:\WINDOWS\System32\shsvcs.dll 23:14:02.0437 57420 Themes - ok 
23:14:02.0468 57420 [ 03681A1CE77F51586903869A5AB1DEAB ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe 23:14:02.0484 57420 TlntSvr - ok 23:14:02.0500 57420 [ D213A9247DC347F305A2D4CC9B951487 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys 23:14:02.0500 57420 TosIde - ok 23:14:02.0531 57420 [ 626504572B175867F30F3215C04B3E2F ] TrkWks C:\WINDOWS\system32\trkwks.dll 23:14:02.0546 57420 TrkWks - ok 23:14:02.0578 57420 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys 23:14:02.0578 57420 Udfs - ok 23:14:02.0609 57420 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys 23:14:02.0625 57420 ultra - ok 23:14:02.0687 57420 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys 23:14:02.0687 57420 Update - ok 23:14:02.0703 57420 [ 1DFD8975D8C89214B98D9387C1125B49 ] upnphost C:\WINDOWS\System32\upnphost.dll 23:14:02.0718 57420 upnphost - ok 23:14:02.0750 57420 [ 9B11E6118958E63E1FEF129466E2BDA7 ] UPS C:\WINDOWS\System32\ups.exe 23:14:02.0765 57420 UPS - ok 23:14:02.0812 57420 [ 5C2BDC152BBAB34F36473DEAF7713F22 ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys 23:14:02.0812 57420 USBAAPL - ok 23:14:02.0875 57420 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys 23:14:02.0875 57420 usbccgp - ok 23:14:02.0890 57420 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys 23:14:02.0890 57420 usbehci - ok 23:14:02.0921 57420 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys 23:14:02.0921 57420 usbhub - ok 23:14:02.0984 57420 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys 23:14:02.0984 57420 usbprint - ok 23:14:03.0000 57420 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys 23:14:03.0000 57420 usbscan - ok 23:14:03.0046 57420 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 23:14:03.0046 57420 USBSTOR 
- ok 23:14:03.0093 57420 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys 23:14:03.0093 57420 usbuhci - ok 23:14:03.0125 57420 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys 23:14:03.0140 57420 usbvideo - ok 23:14:03.0171 57420 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys 23:14:03.0171 57420 VgaSave - ok 23:14:03.0203 57420 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys 23:14:03.0218 57420 viaagp - ok 23:14:03.0234 57420 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys 23:14:03.0234 57420 ViaIde - ok 23:14:03.0265 57420 [ A5A712F4E880874A477AF790B5186E1D ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys 23:14:03.0281 57420 VolSnap - ok 23:14:03.0328 57420 [ 68F106273BE29E7B7EF8266977268E78 ] VSS C:\WINDOWS\System32\vssvc.exe 23:14:03.0343 57420 VSS - ok 23:14:03.0406 57420 [ 7B353059E665F8B7AD2BBEAEF597CF45 ] w32time C:\WINDOWS\system32\w32time.dll 23:14:03.0421 57420 w32time - ok 23:14:03.0437 57420 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys 23:14:03.0437 57420 Wanarp - ok 23:14:03.0515 57420 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 23:14:03.0515 57420 Wdf01000 - ok 23:14:03.0531 57420 WDICA - ok 23:14:03.0609 57420 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys 23:14:03.0609 57420 wdmaud - ok 23:14:03.0671 57420 [ 81727C9873E3905A2FFC1EBD07265002 ] WebClient C:\WINDOWS\System32\webclnt.dll 23:14:03.0671 57420 WebClient - ok 23:14:03.0843 57420 [ 6F3F3973D97714CC5F906A19FE883729 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll 23:14:03.0859 57420 winmgmt - ok 23:14:03.0906 57420 [ BD4DACD31BD71CFCD5610BF9AD6E06E7 ] WLANKEEPER C:\Programme\Intel\WiFi\bin\WLKeeper.exe 23:14:03.0921 57420 WLANKEEPER - ok 23:14:03.0984 57420 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN 
C:\WINDOWS\system32\MsPMSNSv.dll 23:14:04.0000 57420 WmdmPmSN - ok 23:14:04.0093 57420 [ FFA4D901D46D07A5BAB2D8307FBB51A6 ] Wmi C:\WINDOWS\System32\advapi32.dll 23:14:04.0109 57420 Wmi - ok 23:14:04.0125 57420 [ 93908111BA57A6E60EC2FA2DE202105C ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe 23:14:04.0140 57420 WmiApSrv - ok 23:14:04.0312 57420 [ BF05650BB7DF5E9EBDD25974E22403BB ] WMPNetworkSvc C:\Programme\Windows Media Player\WMPNetwk.exe 23:14:04.0328 57420 WMPNetworkSvc - ok 23:14:04.0375 57420 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\Drivers\wpdusb.sys 23:14:04.0375 57420 WpdUsb - ok 23:14:04.0421 57420 [ 300B3E84FAF1A5C1F791C159BA28035D ] wscsvc C:\WINDOWS\system32\wscsvc.dll 23:14:04.0421 57420 wscsvc - ok 23:14:04.0437 57420 WSearch - ok 23:14:04.0453 57420 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS 23:14:04.0453 57420 WSTCODEC - ok 23:14:04.0531 57420 [ 7B4FE05202AA6BF9F4DFD0E6A0D8A085 ] wuauserv C:\WINDOWS\system32\wuauserv.dll 23:14:04.0531 57420 wuauserv - ok 23:14:04.0625 57420 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys 23:14:04.0625 57420 WudfPf - ok 23:14:04.0703 57420 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys 23:14:04.0703 57420 WudfRd - ok 23:14:04.0765 57420 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll 23:14:04.0765 57420 WudfSvc - ok 23:14:04.0890 57420 [ C4F109C005F6725162D2D12CA751E4A7 ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll 23:14:04.0906 57420 WZCSVC - ok 23:14:04.0937 57420 [ 0ADA34871A2E1CD2CAAFED1237A47750 ] xmlprov C:\WINDOWS\System32\xmlprov.dll 23:14:04.0937 57420 xmlprov - ok 23:14:04.0984 57420 ================ Scan global =============================== 23:14:05.0046 57420 [ 2C60091CA5F67C3032EAB3B30390C27F ] C:\WINDOWS\system32\basesrv.dll 23:14:05.0078 57420 [ A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:14:05.0093 57420 [ 
A28CE25B59C90E12743001A1F2AE3613 ] C:\WINDOWS\system32\winsrv.dll 23:14:05.0125 57420 [ A3EDBE9053889FB24AB22492472B39DC ] C:\WINDOWS\system32\services.exe 23:14:05.0125 57420 [Global] - ok 23:14:05.0125 57420 ================ Scan MBR ================================== 23:14:05.0156 57420 [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0 23:14:05.0343 57420 \Device\Harddisk0\DR0 - ok 23:14:05.0343 57420 ================ Scan VBR ================================== 23:14:05.0343 57420 [ 201CB0736BCE0DF8B6B0ED9FFB376F92 ] \Device\Harddisk0\DR0\Partition1 23:14:05.0343 57420 \Device\Harddisk0\DR0\Partition1 - ok 23:14:05.0343 57420 ============================================================ 23:14:05.0343 57420 Scan finished 23:14:05.0343 57420 ============================================================ 23:14:05.0359 58760 Detected object count: 1 23:14:05.0359 58760 Actual detected object count: 1 23:16:01.0437 58760 nv ( ForgedFile.Multi.Generic ) - skipped by user 23:16:01.0437 58760 nv ( ForgedFile.Multi.Generic ) - User select action: Skip 23:16:14.0281 46584 Deinitialize success nlut |
24.02.2013, 23:27 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Then please run CF now: Scan with Combofix
__________________ Please always post logfiles in CODE tags |
25.02.2013, 00:00 | #9 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello Cosinus, attached is the Combofix log. Code:
ATTFilter ComboFix 13-02-24.01 - Lutoxxxx 24.02.2013 23:36:24.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.49.1031.18.3067.2051 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Lutoxxxx\Desktop\ComboFix.exe AV: M-net Sicherheitspaket 9.12 *Disabled/Updated* {E7512ED5-4245-4B4D-AF3A-382D3F313F15} FW: M-net Sicherheitspaket 9.12 *Disabled* {D4747503-0346-49EB-9262-997542F79BF4} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\dokumente und einstellungen\All Users\Anwendungsdaten\DragToDiscUserNameD.txt c:\dokumente und einstellungen\Vali\Lokale Einstellungen\Anwendungsdaten\Skype\Phone\Skype.exe c:\windows\system32\URTTemp c:\windows\system32\URTTemp\fusion.dll c:\windows\system32\URTTemp\mscoree.dll c:\windows\system32\URTTemp\mscoree.dll.local c:\windows\system32\URTTemp\mscorsn.dll c:\windows\system32\URTTemp\mscorwks.dll c:\windows\system32\URTTemp\msvcr71.dll c:\windows\system32\URTTemp\regtlib.exe c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-24 bis 2013-02-24 )))))))))))))))))))))))))))))) . . 2013-02-23 00:09 . 2013-02-24 05:43 -------- d-----w- c:\dokumente und einstellungen\Lutoxxxx\Tracing 2013-02-22 23:07 . 2013-02-22 23:07 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-22 22:13 . 2013-02-22 22:13 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2013-02-21 23:50 . 2013-02-21 23:50 -------- d-----w- c:\programme\7-Zip 2013-02-19 20:11 . 2013-02-20 06:12 -------- d-----w- c:\programme\Mozilla Thunderbird 2013-02-17 12:31 . 2013-02-17 12:31 -------- d-----w- c:\dokumente und einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\AAV 2013-02-17 11:48 . 2013-02-17 11:48 -------- d-----w- c:\dokumente und einstellungen\Lutoxxxx\Anwendungsdaten\AAV 2013-02-17 11:45 . 2013-02-17 11:49 -------- d-----w- c:\programme\Akademische Arbeitsgemeinschaft 2013-02-17 11:41 . 
2013-02-24 21:07 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\AAV 2013-02-17 09:46 . 2013-02-17 09:46 -------- d-----w- c:\dokumente und einstellungen\Lutoxxxx\Anwendungsdaten\Malwarebytes 2013-02-17 09:46 . 2013-02-17 09:46 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes 2013-02-17 09:46 . 2013-02-17 09:46 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware 2013-02-17 09:46 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-16 18:49 . 2013-02-16 18:49 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee Security Scan 2013-02-16 18:49 . 2013-02-23 18:49 -------- d-----w- c:\programme\McAfee Security Scan 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\programme\Mozilla Firefox\plugins\nppdf32.dll 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\programme\Internet Explorer\PLUGINS\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-22 23:07 . 2009-07-24 02:17 143872 ----a-w- c:\windows\system32\javacpl.cpl 2013-02-22 23:07 . 2012-06-07 09:59 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-02-22 23:07 . 2010-10-31 20:13 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-16 18:49 . 2012-04-06 06:42 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-16 18:49 . 2011-06-17 10:49 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-01-26 03:55 . 2008-04-25 09:45 552448 ------w- c:\windows\system32\oleaut32.dll 2013-01-07 07:23 . 2008-04-25 09:45 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-01-07 07:23 . 2008-04-14 07:30 2030080 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-01-04 10:08 . 2008-04-25 09:46 1876352 ----a-w- c:\windows\system32\win32k.sys 2013-01-02 06:49 . 2008-04-25 09:45 1297920 ----a-w- c:\windows\system32\quartz.dll 2013-01-02 06:49 . 
2008-04-25 09:45 148992 ----a-w- c:\windows\system32\mpg2splt.ax 2012-12-27 10:24 . 2008-04-25 09:46 672768 ----a-w- c:\windows\system32\wininet.dll 2012-12-27 10:24 . 2008-04-25 09:46 61952 ----a-w- c:\windows\system32\tdc.ocx 2012-12-27 10:24 . 2008-04-25 09:45 81920 ----a-w- c:\windows\system32\ieencode.dll 2012-12-27 10:23 . 2008-04-25 09:45 371200 ------w- c:\windows\system32\html.iec 2012-12-16 12:23 . 2008-04-25 09:45 290560 ----a-w- c:\windows\system32\atmfd.dll 2012-08-15 16:24 . 2012-08-15 16:24 656896 ------w- c:\programme\rjbres.dll 2012-08-15 16:24 . 2012-08-15 16:24 45056 ------w- c:\programme\ierjplug.dll 2012-08-15 16:24 . 2012-08-15 16:24 361984 ------w- c:\programme\rjdlg.dll 2012-08-15 16:24 . 2012-08-15 16:24 34304 ------w- c:\programme\rjprog.dll 2012-08-15 16:24 . 2012-08-15 16:24 16896 ------w- c:\programme\wmdmhelper.dll 2012-08-15 16:24 . 2012-08-15 16:24 139264 ------w- c:\programme\dunzip32.dll 2012-08-15 16:24 . 2012-08-15 16:24 9728 ------w- c:\programme\fixrjb.exe 2012-08-15 16:24 . 2012-08-15 16:24 943344 ------w- c:\programme\cddblink.dll 2012-08-15 16:24 . 2012-08-15 16:24 1115376 ------w- c:\programme\cddbmusicid.dll 2012-08-15 16:24 . 2012-08-15 16:24 74240 ------w- c:\programme\tsasdk.dll 2012-08-15 16:24 . 2012-08-15 16:24 48640 ------w- c:\programme\tpasdk.dll 2012-08-15 16:24 . 2012-08-15 16:24 45056 ------w- c:\programme\mmcdda32.dll 2012-08-15 16:24 . 2012-08-15 16:24 23552 ------w- c:\programme\tnetdtct.dll 2012-08-15 16:24 . 2012-08-15 16:24 2041072 ------w- c:\programme\cddbcontrol.dll 2012-08-15 16:24 . 2012-08-15 16:24 67584 ------w- c:\programme\rpwa3260.dll 2012-08-15 16:24 . 2012-08-15 16:24 45760 ------w- c:\programme\rpshellsearch.dll 2012-08-15 16:24 . 2012-08-15 16:24 16296 ------w- c:\programme\realtfon.fon 2012-08-15 16:24 . 2012-08-15 16:24 375448 ------w- c:\programme\realconverter.exe 2012-08-15 16:24 . 2012-08-15 16:24 349336 ------w- c:\programme\convert.exe 2012-08-15 16:24 . 
2012-08-15 16:24 390384 ------w- c:\programme\mc_enc_mp4v.dll 2012-08-15 16:24 . 2012-08-15 16:24 381080 ------w- c:\programme\realtrimmer.exe 2012-08-15 16:24 . 2012-08-15 16:24 129680 ------w- c:\programme\realshare.exe 2012-08-15 16:24 . 2012-08-15 16:24 72192 ------w- c:\programme\rjwmapln.dll 2012-08-15 16:24 . 2012-08-15 16:24 719360 ------w- c:\programme\dbghelp.dll 2012-08-15 16:24 . 2012-08-15 16:24 46592 ------w- c:\programme\rpau3260.dll 2012-08-15 16:23 . 2012-08-15 16:23 88064 ------w- c:\programme\hxaudiodevicehook.dll 2012-08-15 16:23 . 2012-08-15 16:23 29856 ------w- c:\programme\rndevicedbbuilder.exe 2012-08-15 16:23 . 2012-08-15 16:23 116920 ------w- c:\programme\rdsf3260.dll 2012-08-15 16:23 . 2012-08-15 16:23 86528 ------w- c:\programme\rpplugprot.dll 2012-08-15 16:23 . 2012-08-15 16:23 64696 ------w- c:\programme\rpshell.dll 2012-08-15 16:23 . 2012-08-15 16:23 18104 ------w- c:\programme\rphelperapp.exe 2012-08-15 16:23 . 2012-08-15 16:23 499352 ------w- c:\programme\realplay.exe 2012-08-15 16:23 . 2012-08-15 16:23 10240 ------w- c:\programme\realjbox.exe 2012-08-15 16:23 . 2012-08-15 16:23 439504 ------w- c:\programme\recordingmanager.exe 2013-01-05 03:44 . 2011-07-24 13:54 262704 ----a-w- c:\programme\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="c:\programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032] "DellSupportCenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "EssentialPIM"="c:\programme\EssentialPIM\EssentialPIM.exe" [2012-08-24 8095224] "AVMUSBFernanschluss"="c:\dokumente und einstellungen\Lutoxxxx\Lokale Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe" [2010-01-03 139264] "WMPNSCFG"="c:\programme\Windows Media Player\WMPNSCFG.exe" [2006-11-03 204288] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Apoint"="c:\programme\DellTPad\Apoint.exe" [2009-03-31 217088] "SysTrayApp"="c:\programme\IDT\WDM\sttray.exe" [2009-02-22 483420] "AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-02-22 729088] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-22 13590528] "nwiz"="nwiz.exe" [2009-01-22 1630208] "NVHotkey"="nvHotkey.dll" [2009-01-22 90112] "NvMediaCenter"="NvMCTray.dll" [2009-01-22 86016] "OEM13Mon.exe"="c:\windows\OEM13Mon.exe" [2009-01-19 36864] "DELL Webcam Manager"="c:\programme\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784] "IntelZeroConfig"="c:\programme\Intel\WiFi\bin\ZCfgSvc.exe" [2008-07-11 1351680] "IntelWireless"="c:\programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe" [2008-07-11 1191936] "dscactivate"="c:\programme\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384] "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232] "DellSupportCenter"="c:\programme\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064] "mxomssmenu"="c:\programme\Maxtor\OneTouch Status\maxmenumgr.exe" [2008-07-21 169312] "tuloxFreeWBE"="c:\programme\tuloxFreeWBE\FreeDict.exe" [2009-04-23 2479104] "CanonMyPrinter"="c:\programme\Canon\MyPrinter\BJMyPrt.exe" [2007-04-03 1603152] "Nikon Transfer 
Monitor"="c:\programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208] "QuickTime Task"="c:\programme\QuickTime\QTTask.exe" [2010-11-29 421888] "AppleSyncNotifier"="c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2011-01-25 421160] "ApnUpdater"="c:\programme\Ask.com\Updater\Updater.exe" [2013-01-24 1646216] "Adobe ARM"="c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "F-Secure Manager"="c:\programme\M-net\Sicherheitspaket\Common\FSM32.EXE" [2009-11-18 201128] "F-Secure TNB"="c:\programme\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe" [2011-11-02 1655464] "TkBellExe"="c:\programme\update\realsched.exe" [2012-08-15 296096] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] . c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\ McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248] WISO Mein Steuer-Sparbuch heute.lnk - c:\programme\WISO\Steuersoftware 2013\mshaktuell.exe [2012-11-25 1397840] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Programme\\Dell Video Chat\\DellVideoChat.exe"= "c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\FRITZ!DSL\\IGDCTRL.EXE"= "c:\\Programme\\FRITZ!DSL\\FBOXUPD.EXE"= "c:\\Programme\\FRITZ!DSL\\WebwaIgd.exe"= "c:\\Dokumente und Einstellungen\\Lutoxxxx\\Lokale Einstellungen\\Apps\\2.0\\8KRO677R.DAH\\X8EX6LKL.L3T\\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\\fritzbox-usb-fernanschluss.exe"= "c:\\Programme\\FinalMediaPlayer\\FMPCheckForUpdates.exe"= "c:\\Programme\\FRITZ!Box-Kindersicherung\\avmident.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\tuloxFreeWBE\\FreeDict.exe"= "c:\\Programme\\Skype\\Phone\\Skype.exe"= "c:\\Dokumente und Einstellungen\\Lutoxxxx\\Lokale Einstellungen\\Apps\\2.0\\8KRO677R.DAH\\X8EX6LKL.L3T\\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\\fritzbox-usb-fernanschluss.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "2066:TCP"= 2066:TCP:Fritz-USB-Drucker-TCP "2066:UDP"= 2066:UDP:Fritz-USB-Drucker-UDP . 
R0 fsbts;fsbts;c:\windows\system32\drivers\fsbts.sys [02.11.2011 16:24 44240] R0 FSFW;F-Secure Firewall Driver;c:\windows\system32\drivers\fsdfw.sys [02.11.2011 16:24 81864] R1 F-Secure HIPS;F-Secure HIPS Driver;c:\programme\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys [02.11.2011 16:23 69928] R1 SSHDRV86;SSHDRV86;c:\windows\system32\drivers\SSHDRV86.sys [06.12.2010 18:46 81408] R2 acedrv09;acedrv09;c:\windows\system32\drivers\acedrv09.sys [18.06.2007 14:10 373568] R2 acedrv10;acedrv10;c:\windows\system32\drivers\ACEDRV10.sys [24.07.2007 08:45 328824] R2 acehlp09;acehlp09;c:\windows\system32\drivers\acehlp09.sys [30.05.2007 17:54 201696] R2 acehlp10;acehlp10;c:\windows\system32\drivers\acehlp10.sys [11.07.2007 09:20 201848] R2 avmidentd;AVM FRITZ!Box-Kindersicherung;c:\programme\FRITZ!Box-Kindersicherung\avmident.exe [21.08.2006 17:57 49152] R2 IGDCTRL;AVM IGD CTRL Service;c:\programme\FRITZ!DSL\IGDCTRL.EXE [04.09.2007 10:14 87344] R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [24.07.2009 06:06 112512] R3 avmaudio;AVM Audio;c:\windows\system32\drivers\avmaudio.sys [03.01.2010 16:59 101248] R3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\drivers\avmaura.sys [03.01.2010 16:59 101248] R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys [02.11.2011 16:23 144952] R3 O2MDGRDR;O2MDGRDR;c:\windows\system32\drivers\o2mdg.sys [24.07.2009 06:06 51616] R3 O2SDGRDR;O2SDGRDR;c:\windows\system32\drivers\o2sdg.sys [24.07.2009 06:06 41760] R3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\drivers\OEM13Afx.sys [24.07.2009 06:06 141376] R3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\drivers\OEM13Vfx.sys [24.07.2009 06:06 7424] R3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\drivers\OEM13Vid.sys [24.07.2009 06:06 235840] R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys 
[04.10.2010 12:43 27632] S2 SkypeUpdate;Skype Updater;c:\programme\Skype\Updater\Updater.exe [13.07.2012 12:28 160944] S3 AAV UpdateService;AAV UpdateService;c:\programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [24.10.2008 16:35 128296] S3 FSORSPClient;F-Secure ORSP Client;c:\programme\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe [02.11.2011 16:23 61088] S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [04.04.2008 08:02 87424] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [04.10.2010 12:43 13224] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [22.02.2013 23:13 35144] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\programme\McAfee Security Scan\3.0.318\McCHSvc.exe [05.02.2013 16:48 235216] . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 02818995 *NewlyCreated* - ASWMBR *NewlyCreated* - JAVAQUICKSTARTERSERVICE *Deregistered* - 02818995 *Deregistered* - aswMBR . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}] 2010-02-16 17:02 114688 ------w- c:\programme\PixiePack Codec Pack\InstallerHelper.exe . Inhalt des "geplante Tasks" Ordners . 2013-02-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 18:49] . 2013-02-24 c:\windows\Tasks\Final Media Player Update Checker.job - c:\programme\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-11-23 10:25] . 2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 11:33] . 2013-02-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2010-09-26 11:33] . 2013-02-24 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-229967651-452918711-2505415267-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27] . 
2013-02-20 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-229967651-452918711-2505415267-1005.job - c:\programme\Real\RealUpgrade\realupgrade.exe [2012-07-27 12:27] . 2013-02-10 c:\windows\Tasks\Rescue Reminder for 2HAPMXQ0.job - c:\programme\Maxtor\ManagerApp\MaxUtilities.exe [2008-07-21 14:52] . 2013-02-23 c:\windows\Tasks\Scheduled scanning task.job - c:\progra~1\M-net\SICHER~1\ANTI-V~1\fsav.exe [2011-11-02 16:06] . 2013-02-24 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job - c:\programme\Ask.com\UpdateTask.exe [2013-01-24 13:18] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://fcb.de/ mStart Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Senden an &Bluetooth-Gerät... - c:\programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm LSP: c:\programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\dokumente und einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\lehyrx9p.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.fcbayern.telekom.de/de/aktuell/start/index.php FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - Entfernte verwaiste Registrierungseinträge - - - - . HKCU-Run-EA Core - c:\programme\Electronic Arts\EADM\Core.exe AddRemove-tulox Freeware-Wörterbuch (Englisch) - c:\progra~1\TULOXF~1\UNWISE32 . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2013-02-24 23:40 Windows 5.1.2600 Service Pack 3 NTFS . Scanne versteckte Prozesse... . Scanne versteckte Autostarteinträge... . Scanne versteckte Dateien... . Scan erfolgreich abgeschlossen versteckte Dateien: 0 . 
************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-229967651-452918711-2505415267-1005\Software\SecuROM\License information*] "datasecu"=hex:9c,f7,ce,e3,f5,a9,90,87,1a,bb,46,13,12,ef,b7,7a,04,31,f4,90,9d, bf,80,cf,73,26,af,46,54,64,9b,d4,ce,14,f9,a3,a1,a6,79,7a,0d,4e,8a,cc,94,d8,\ "rkeysecu"=hex:c8,a1,fb,71,f3,6e,e5,fa,c0,0b,42,87,6c,51,d6,db . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'winlogon.exe'(1028) c:\programme\m-net\sicherheitspaket\hips\fshook32.dll c:\programme\M-net\Sicherheitspaket\FWES\Program\fsdc32.dll c:\windows\system32\netprovcredman.dll . - - - - - - - > 'lsass.exe'(1088) c:\programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL c:\programme\m-net\sicherheitspaket\hips\fshook32.dll c:\programme\M-net\Sicherheitspaket\FWES\Program\fsdc32.dll . - - - - - - - > 'csrss.exe'(936) c:\programme\M-net\Sicherheitspaket\FWES\Program\fsdc32.dll . Zeit der Fertigstellung: 2013-02-24 23:42:07 ComboFix-quarantined-files.txt 2013-02-24 22:41 . Vor Suchlauf: 17 Verzeichnis(se), 187.153.612.800 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 188.794.675.200 Bytes frei . WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 1047C5AA3E8D6A8ACD232ECEA8B092A7 nlut |
25.02.2013, 11:49 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker JRT - Junkware Removal Tool Please disable your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post logfiles in CODE tags |
25.02.2013, 23:16 | #11 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello Cosinus, as requested, the logs. jrt Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 4.6.5 (02.18.2013:1) OS: Microsoft Windows XP x86 Ran by Lutoxxxx on 25.02.2013 at 22:04:36,50 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\urlsearchhooks\\{ef99bd32-c1fb-11d2-892f-0090271d4f88} ~~~ Registry Keys Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9 Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670} Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e} Successfully deleted: [Registry Key] hkey_classes_root\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc} Successfully deleted: [Registry Key] "hkey_current_user\software\apn" Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo" Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com" Successfully deleted: [Registry Key] "hkey_current_user\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\apn" 
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar" Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\genericasktoolbar.dll" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0cfe535c35f99574e8340bfa75bf92c2" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\0e12f736682067fde4d1158d5940a82e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\120dfadeb50841f408f04d2a278f9509" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\1a24b5bb8521b03e0c8d908f5abc0ae6" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\261f213d1f55267499b1f87d0cc3bcf7" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\2b0d56c4f4c46d844a57ffed6f0d2852" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\49d4375fe41653242aea4c969e4e65e0" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6aa0923513360135b272e8289c5f13fa" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\6f7467af8f29c134cbbab394eccfde96" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\741b4adf27276464790022c965ab6da8" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\7de196b10195f5647a2b21b761f3de01" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\922525dcc5199162f8935747ca3d8e59" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\9d4f5849367142e4685ed8c25e44c5ed" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a5875b04372c19545beb90d4d606c472" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\a876d9e80b896ec44a8620248cc79296" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\b66ffab725b92594c986de826a867888" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\bcda179d619b91648538e3394cac94cc" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\d677b1a9671d4d4004f6f2a4469e86ea" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\dd1402a9dd4215a43abde169a41afa0e" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\e36e114a0ead2ad46b381d23ad69cddf" Successfully deleted: [Registry Key] "hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\components\ef8e618db3aedfbb384561b5c548f65e" Successfully deleted: [Registry Key] 
"hkey_local_machine\software\microsoft\windows\currentversion\installer\userdata\s-1-5-18\products\a28b4d68debaa244eb686953b7074fef" ~~~ Files Successfully deleted: [File] "C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job" ~~~ Folders Successfully deleted: [Folder] "C:\Programme\free offers from freeze.com" Successfully deleted: [Folder] "C:\Programme\ask.com" Successfully deleted: [Folder] "C:\WINDOWS\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}" ~~~ FireFox Successfully deleted: [File] C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\mozilla\firefox\profiles\lehyrx9p.default\user.js Successfully deleted: [Folder] C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\mozilla\firefox\profiles\lehyrx9p.default\extensions\toolbar@ask.com Successfully deleted the following from C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\mozilla\firefox\profiles\lehyrx9p.default\prefs.js user_pref("browser.newtabpage.blocked", "{\"LHtXxroIZRNGNZeeR22UxA==\":1,\"ZZB8Ntm2c1TvRVMdnqfsdA==\":1,\"BJWahiUNcFi/1DvLXUcluw==\":1,\"BhrYBsmAqzYSUb/BFWomKw==\":1,\"aRRYAVC user_pref("extensions.asktb.InstallDir", "C:\\Programme\\Ask.com\\"); user_pref("extensions.asktb.abar-war-regex", "conduit\\.com"); user_pref("extensions.asktb.abar-war-timeout", "4000"); user_pref("extensions.asktb.autofill-competitor-query-enabled", true); user_pref("extensions.asktb.cbid", "PV"); user_pref("extensions.asktb.config-updated", true); user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}"); user_pref("extensions.asktb.displaybehavior", ""); user_pref("extensions.asktb.displaytext", ""); user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true); user_pref("extensions.asktb.ff19-config-first-run", "true"); user_pref("extensions.asktb.fresh-install", false); user_pref("extensions.asktb.guid", "88D27B44-7641-4690-B686-FAD706ECD78D"); user_pref("extensions.asktb.hxxp-header-whitelist-hosts", 
"[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp user_pref("extensions.asktb.if", "su"); user_pref("extensions.asktb.keyword-toggled-in-session", false); user_pref("extensions.asktb.l", "dis"); user_pref("extensions.asktb.last-config-req", "1361746447830"); user_pref("extensions.asktb.locale", "de_DE"); user_pref("extensions.asktb.lstation", ""); user_pref("extensions.asktb.new-tab-opt-out", true); user_pref("extensions.asktb.news-native-on", true); user_pref("extensions.asktb.o", "15000"); user_pref("extensions.asktb.overlay-reloaded-using-restart", true); user_pref("extensions.asktb.pstate", ""); user_pref("extensions.asktb.qsrc", "2871"); user_pref("extensions.asktb.r", "19"); user_pref("extensions.asktb.sa", "NO"); user_pref("extensions.asktb.search-suggestions-enabled", true); user_pref("extensions.asktb.silent-upgrade", true); user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true); user_pref("extensions.asktb.socialmini-first", true); user_pref("extensions.asktb.socialmini-interval", "1200000"); user_pref("extensions.asktb.socialmini-max-char-ticker", "33"); user_pref("extensions.asktb.socialmini-max-items", "30"); user_pref("extensions.asktb.socialmini-native-on", true); user_pref("extensions.asktb.socialmini-speed", "5000"); user_pref("extensions.asktb.socialmini-transition-first-open", false); user_pref("extensions.asktb.themeid", ""); user_pref("extensions.asktb.timeinstalled", "06.02.2013 07:01:24"); user_pref("extensions.asktb.v", "3.15.15.100013"); user_pref("extensions.asktb.version", "5.15.15.35882"); user_pref("extensions.asktb.volume", ""); user_pref("extensions.enabledItems", "{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110704,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.3.0.7280,{BBDA0591-3099-440a-AA10-41764D9DB4DB}: user_pref("extensions.toolbar@ask.com.install-event-fired", true); Emptied folder: C:\Dokumente und 
Einstellungen\Lutoxxxx\Anwendungsdaten\mozilla\firefox\profiles\lehyrx9p.default\minidumps [14 files] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.02.2013 at 22:08:16,01 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.113 - Datei am 25/02/2013 um 22:22:51 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Microsoft Windows XP Service Pack 3 (32 bits) # Benutzer : Lutoxxxx - NIVALULI # Bootmodus : Normal # Ausgeführt unter : C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\AskToolbar Ordner Gelöscht : C:\Dokumente und Einstellungen\Vali\Lokale Einstellungen\Anwendungsdaten\AskToolbar ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Internet Browser] ***** -\\ Internet Explorer v6.0.2900.5512 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v18.0 (de) Datei : C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\lehyrx9p.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Dokumente und Einstellungen\Vali\Anwendungsdaten\Mozilla\Firefox\Profiles\5eoc0mb5.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [2907 octets] - [25/02/2013 22:10:46] AdwCleaner[S1].txt - [2840 octets] - [25/02/2013 22:22:51] ########## EOF - C:\AdwCleaner[S1].txt - [2900 octets] ########## Code:
ATTFilter OTL logfile created on: 25.02.2013 22:31:41 - Run 5 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Lutoxxxx\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.5512) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,60% Memory free 4,84 Gb Paging File | 4,17 Gb Available in Paging File | 86,32% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 298,05 Gb Total Space | 175,79 Gb Free Space | 58,98% Space Free | Partition Type: NTFS Drive D: | 107,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: NIVALULI | User Name: Lutoxxxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsav32.exe (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fssm32.exe (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsgk32.exe (F-Secure Corporation) PRC - C:\Programme\EssentialPIM\EssentialPIM.exe (Astonsoft Ltd) PRC - C:\Programme\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
PRC - C:\Programme\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe (F-Secure Corporation) PRC - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) PRC - C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.) PRC - C:\Programme\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH) PRC - C:\Programme\DellTPad\hidfind.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.) PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.) PRC - c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.) PRC - C:\WINDOWS\system32\AESTFltr.exe (Andrea Electronics Corporation) PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) PRC - C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International) PRC - C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.) PRC - C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation) PRC - C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) 
PRC - C:\Programme\Maxtor\OneTouch Status\MaxMenuMgr.exe (Maxtor Corporation) PRC - C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) PRC - C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) PRC - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) PRC - C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation) PRC - C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe (AVM Berlin) ========== Modules (No Company Name) ========== MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ba12e418b906593b7c9c18f971f36bf9\System.Windows.Forms.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Deployment\ef1d9614d051bc4a8dbde75ac1ef851d\System.Deployment.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\dfsvc\eeefda9b58e578a92df0439b8e1772d8\dfsvc.ni.exe () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\7782f356a838c403b4a8e9c80df5a577\System.Drawing.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll () MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll () MOD - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU () MOD - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\hashlib_x86.dll () MOD - 
C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fm4av.dll () MOD - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\M-net\Sicherheitspaket\Spam Control\fsas.dll () MOD - C:\Programme\M-net\Sicherheitspaket\FSPC\fspcfsm.eng () MOD - \\?\c:\programme\m-net\sicherheitspaket\hips\fsumi.dll () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\strres.eng () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\gres.dll () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\fsavures.eng () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\flyerres.eng () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\aboutres.dll () MOD - C:\Programme\M-net\Sicherheitspaket\FSGUI\about.dll () MOD - C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsavhres.eng () MOD - c:\Programme\M-net\Sicherheitspaket\DAAS2\daas2.dll () MOD - C:\WINDOWS\system32\nvshell.dll () MOD - C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\CustomUIResource.dll () MOD - C:\Programme\Intel\WiFi\bin\iWMSProv.dll () MOD - C:\Programme\Gemeinsame Dateien\Roxio Shared\9.0\DLLShared\dlaapi_w.dll () MOD - C:\WINDOWS\system32\btwicons.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (FSORSPClient) -- C:\Programme\M-net\Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation) SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
SRV - (FSMA) -- C:\Programme\M-net\Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation) SRV - (FSDFWD) -- C:\Programme\M-net\Sicherheitspaket\FWES\program\fsdfwd.exe (F-Secure Corporation) SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Programme\M-net\Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation) SRV - (STacSV) -- c:\drivers\audio\R211990\stacsv.exe (IDT, Inc.) SRV - (O2FLASH) -- C:\WINDOWS\system32\drivers\o2flash.exe (O2Micro International) SRV - (AAV UpdateService) -- C:\Programme\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe () SRV - (sprtsvc_dellsupportcenter) -- C:\Programme\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.) SRV - (Maxtor Sync Service) -- C:\Programme\Maxtor\Sync\SyncServices.exe (Seagate Technology LLC) SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (WLANKEEPER) -- C:\Programme\Intel\WiFi\bin\WLKEEPER.exe (Intel(R) Corporation) SRV - (S24EventMonitor) -- C:\Programme\Intel\WiFi\bin\S24EvMon.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (IGDCTRL) -- C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin) SRV - (stllssvr) -- C:\Programme\Gemeinsame Dateien\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.) 
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (avmidentd) -- C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe (AVM Berlin)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\DOKUME~1\Lutoxxxx\LOKALE~1\Temp\catchme.sys File not found
DRV - (mbamchameleon) -- C:\WINDOWS\system32\drivers\mbamchameleon.sys ()
DRV - (F-Secure Gatekeeper) -- C:\Programme\M-net\Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()
DRV - (avmaudio) -- C:\WINDOWS\system32\drivers\avmaudio.sys (AVM Berlin)
DRV - (fsbts) -- C:\WINDOWS\system32\drivers\fsbts.sys ()
DRV - (ACEDRV05) -- C:\WINDOWS\system32\drivers\ACEDRV05.sys (Protect Software GmbH)
DRV - (ACEDRV07) -- C:\WINDOWS\system32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (SSHDRV86) -- C:\WINDOWS\system32\drivers\SSHDRV86.sys ()
DRV - (seehcri) -- C:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (ggsemc) -- C:\WINDOWS\system32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\WINDOWS\system32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (avmaura) -- C:\WINDOWS\system32\drivers\avmaura.sys (AVM Berlin)
DRV - (F-Secure HIPS) -- C:\Programme\M-net\Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)
DRV - (FSFW) -- C:\WINDOWS\system32\drivers\fsdfw.sys (F-Secure Corporation)
DRV - (ApfiltrService) -- C:\WINDOWS\system32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (IDT, Inc.)
DRV - (AESTAud) -- C:\WINDOWS\system32\drivers\AESTAud.sys (Andrea Electronics Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (O2SDGRDR) -- C:\WINDOWS\system32\drivers\o2sdg.sys (O2Micro )
DRV - (O2MDGRDR) -- C:\WINDOWS\system32\drivers\o2mdg.sys (O2Micro )
DRV - (OEM13Vid) -- C:\WINDOWS\system32\drivers\OEM13Vid.sys (Creative Technology Ltd.)
DRV - (OEM13Vfx) -- C:\WINDOWS\system32\drivers\OEM13Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (OEM13Afx) -- C:\WINDOWS\system32\drivers\OEM13Afx.sys (Creative Technology Ltd.)
DRV - (NETw5x32) -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (GemCCID) -- C:\WINDOWS\system32\drivers\GemCCID.sys (Gemalto)
DRV - (acedrv10) -- C:\WINDOWS\system32\drivers\ACEDRV10.sys (Protect Software GmbH)
DRV - (DLADResM) -- C:\WINDOWS\system32\drivers\DLADResM.SYS (Roxio)
DRV - (DLABMFSM) -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS (Roxio)
DRV - (DLAUDF_M) -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS (Roxio)
DRV - (DLAUDFAM) -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS (Roxio)
DRV - (DLAOPIOM) -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS (Roxio)
DRV - (DLABOIOM) -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS (Roxio)
DRV - (DLAPoolM) -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS (Roxio)
DRV - (DLAIFS_M) -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS (Roxio)
DRV - (DLARTL_M) -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS (Roxio)
DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Roxio)
DRV - (acehlp10) -- C:\WINDOWS\system32\drivers\acehlp10.sys (Protect Software GmbH)
DRV - (acedrv09) -- C:\WINDOWS\system32\drivers\acedrv09.sys (Protect Software GmbH)
DRV - (acehlp09) -- C:\WINDOWS\system32\drivers\acehlp09.sys (Protect Software GmbH)
DRV - (MXOPSWD) -- C:\WINDOWS\system32\drivers\mxopswd.sys (Maxtor Corp.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.euro.dell.com/content/default.aspx?c=de&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = hxxp://g.uk.msn.com/USSMB/8
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USSMB/8
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://fcb.de/
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-229967651-452918711-2505415267-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Programme\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Programme\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\programme\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\programme\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\programme\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\litmus-ff@f-secure.com: C:\Programme\M-net\Sicherheitspaket\NRS\litmus-ff@f-secure.com [2013.02.14 09:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.08.15 17:24:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.29 20:20:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.02.23 18:19:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2013.02.19 21:11:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins
[2010.07.21 11:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Extensions
[2010.07.21 11:57:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.02.25 22:08:08 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\lehyrx9p.default\extensions
[2012.10.04 19:17:55 | 000,000,000 | ---D | M] (WOT) -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\lehyrx9p.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.08.03 18:30:53 | 000,330,316 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Mozilla\Firefox\Profiles\lehyrx9p.default\extensions\personas@christopher.beard.xpi
[2013.01.29 20:20:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.26 15:53:11 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.04.28 08:14:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\Lutoxxxx\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\LEHYRX9P.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2013.01.05 04:44:54 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2012.08.15 17:23:53 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Programme\mozilla firefox\plugins\nprpplugin.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2013.02.24 23:40:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Programme\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Programme\M-net\Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..\Toolbar\ShellBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [DELL Webcam Manager] C:\Programme\Dell\Dell Webcam Manager\DellWMgr.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Programme\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [F-Secure Manager] C:\Programme\M-net\Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [F-Secure TNB] C:\Programme\M-net\Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Programme\Gemeinsame Dateien\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Programme\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [mxomssmenu] C:\Programme\Maxtor\OneTouch Status\maxmenumgr.exe (Maxtor Corporation)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Programme\Gemeinsame Dateien\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM13Mon.exe] C:\WINDOWS\OEM13Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\programme\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [tuloxFreeWBE] C:\Programme\tuloxFreeWBE\FreeDict.exe (GEKKO Software GmbH)
O4 - HKU\S-1-5-21-229967651-452918711-2505415267-1005..\Run: [AVMUSBFernanschluss] C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\AVMAutoStart.exe (AVM Berlin)
O4 - HKU\S-1-5-21-229967651-452918711-2505415267-1005..\Run: [DellSupportCenter] C:\Programme\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-229967651-452918711-2505415267-1005..\Run: [EssentialPIM] C:\Programme\EssentialPIM\EssentialPIM.exe (Astonsoft Ltd)
O4 - HKU\S-1-5-21-229967651-452918711-2505415267-1005..\Run: [ISUSPM] C:\Programme\Gemeinsame Dateien\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk = C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\WISO Mein Steuer-Sparbuch heute.lnk = C:\Programme\WISO\Steuersoftware 2013\mshaktuell.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe File not found
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Programme\PPLive\PPLive.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Programme\M-net\Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)
O15 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-229967651-452918711-2505415267-1005\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab (Java Plug-in 1.7.0_15)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE25EA7C-502D-499D-BC6A-7073B00B43A9}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.04.25 16:00:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008.09.19 07:20:42 | 000,000,000 | R--D | M] - D:\autorun -- [ CDFS ]
O32 - AutoRun File - [2008.09.16 07:29:33 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.25 22:04:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013.02.25 22:04:26 | 000,000,000 | ---D | C] -- C:\JRT
[2013.02.25 22:02:48 | 000,547,439 | ---- | C] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\JRT.exe
[2013.02.24 23:34:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.02.24 23:32:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.02.24 23:32:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.02.24 23:32:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.02.24 23:32:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.02.24 23:32:24 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.02.24 23:32:20 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Startmenü\Programme\Verwaltung
[2013.02.24 23:32:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.02.24 23:29:30 | 005,034,894 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\ComboFix.exe
[2013.02.23 19:49:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\McAfee Security Scan Plus
[2013.02.23 01:09:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Tracing
[2013.02.23 00:07:24 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.23 00:07:18 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.23 00:07:18 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.23 00:07:17 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.22 00:50:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2013.02.22 00:50:31 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2013.02.22 00:49:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Virus
[2013.02.22 00:07:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\OTL.exe
[2013.02.19 21:11:21 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Thunderbird
[2013.02.17 13:31:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Erbfälle
[2013.02.17 13:31:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\AAV
[2013.02.17 12:48:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\AAV
[2013.02.17 12:48:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\InfoBibliothek 2
[2013.02.17 12:47:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ErbschaftsPlaner
[2013.02.17 12:45:03 | 000,000,000 | ---D | C] -- C:\Programme\Akademische Arbeitsgemeinschaft
[2013.02.17 12:41:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AAV
[2013.02.17 10:46:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Malwarebytes
[2013.02.17 10:46:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2013.02.17 10:46:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2013.02.17 10:46:09 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.02.17 10:46:09 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.02.16 19:49:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee Security Scan
[2013.02.16 19:49:35 | 000,000,000 | ---D | C] -- C:\Programme\McAfee Security Scan
[2012.08.15 17:24:15 | 000,656,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjbres.dll
[2012.08.15 17:24:15 | 000,361,984 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjdlg.dll
[2012.08.15 17:24:15 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Programme\dunzip32.dll
[2012.08.15 17:24:15 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\ierjplug.dll
[2012.08.15 17:24:15 | 000,034,304 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjprog.dll
[2012.08.15 17:24:15 | 000,016,896 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\wmdmhelper.dll
[2012.08.15 17:24:14 | 001,115,376 | ---- | C] (Gracenote) -- C:\Programme\cddbmusicid.dll
[2012.08.15 17:24:14 | 000,943,344 | ---- | C] (Gracenote) -- C:\Programme\cddblink.dll
[2012.08.15 17:24:14 | 000,009,728 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\fixrjb.exe
[2012.08.15 17:24:13 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Programme\cddbcontrol.dll
[2012.08.15 17:24:13 | 000,074,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tsasdk.dll
[2012.08.15 17:24:13 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tpasdk.dll
[2012.08.15 17:24:13 | 000,045,056 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\mmcdda32.dll
[2012.08.15 17:24:13 | 000,023,552 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\tnetdtct.dll
[2012.08.15 17:24:12 | 000,067,584 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpwa3260.dll
[2012.08.15 17:24:12 | 000,045,760 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshellsearch.dll
[2012.08.15 17:24:10 | 000,375,448 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realconverter.exe
[2012.08.15 17:24:10 | 000,349,336 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\convert.exe
[2012.08.15 17:24:05 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Programme\mc_enc_mp4v.dll
[2012.08.15 17:24:05 | 000,381,080 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realtrimmer.exe
[2012.08.15 17:24:05 | 000,129,680 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realshare.exe
[2012.08.15 17:24:02 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Programme\dbghelp.dll
[2012.08.15 17:24:02 | 000,072,192 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rjwmapln.dll
[2012.08.15 17:24:01 | 000,046,592 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpau3260.dll
[2012.08.15 17:23:53 | 000,116,920 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rdsf3260.dll
[2012.08.15 17:23:53 | 000,088,064 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\hxaudiodevicehook.dll
[2012.08.15 17:23:53 | 000,029,856 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rndevicedbbuilder.exe
[2012.08.15 17:23:52 | 000,086,528 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpplugprot.dll
[2012.08.15 17:23:52 | 000,064,696 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rpshell.dll
[2012.08.15 17:23:51 | 000,018,104 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\rphelperapp.exe
[2012.08.15 17:23:50 | 000,499,352 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realplay.exe
[2012.08.15 17:23:50 | 000,010,240 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\realjbox.exe
[2012.08.15 17:23:49 | 000,439,504 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\recordingmanager.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.25 22:28:01 | 000,001,094 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.25 22:26:36 | 000,060,812 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013.02.25 22:26:35 | 000,200,610 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2013.02.25 22:26:10 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-229967651-452918711-2505415267-1005.job
[2013.02.25 22:26:03 | 000,000,376 | ---- | M] () -- C:\WINDOWS\tasks\Final Media Player Update Checker.job
[2013.02.25 22:25:59 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.25 22:25:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.02.25 22:25:40 | 3215,863,808 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.25 22:03:49 | 000,594,019 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\adwcleaner.exe
[2013.02.25 22:02:49 | 000,547,439 | ---- | M] (Oleg N. Scherbakov) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\JRT.exe
[2013.02.25 21:44:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.02.25 12:44:28 | 000,000,459 | ---- | M] () -- C:\WINDOWS\ProfitMaker8.ini
[2013.02.25 00:02:20 | 000,000,566 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2013.02.24 23:40:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.02.24 23:34:50 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.02.24 23:29:31 | 005,034,894 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\ComboFix.exe
[2013.02.24 22:15:09 | 000,001,802 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013.02.24 22:04:23 | 000,496,976 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.02.24 22:04:23 | 000,453,438 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.02.24 22:04:23 | 000,100,260 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.02.24 22:04:23 | 000,076,760 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.02.23 19:49:44 | 000,001,743 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk
[2013.02.23 19:49:44 | 000,001,737 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk
[2013.02.23 01:10:14 | 000,002,391 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Dell Support Center.lnk
[2013.02.23 01:10:09 | 000,002,153 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\FRITZ!DSL Startcenter.lnk
[2013.02.23 00:07:04 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2013.02.23 00:07:01 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2013.02.23 00:07:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2013.02.23 00:07:01 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2013.02.23 00:07:01 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2013.02.23 00:07:00 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npDeployJava1.dll
[2013.02.23 00:07:00 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2013.02.22 23:13:46 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013.02.22 22:34:48 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013.02.22 00:07:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\OTL.exe
[2013.02.21 08:29:02 | 000,000,372 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\spider.sav
[2013.02.20 18:26:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-229967651-452918711-2505415267-1005.job
[2013.02.17 12:49:04 | 000,001,973 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rechtstipps - Der ErbschaftsBerater.LNK
[2013.02.17 12:47:40 | 000,001,873 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ErbschaftsPlaner.lnk
[2013.02.17 12:35:36 | 000,000,978 | ---- | M] () -- C:\WINDOWS\wiso.ini
[2013.02.16 19:49:32 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.02.16 19:49:32 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.02.14 03:28:37 | 000,146,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.02.14 03:08:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.02.10 17:11:31 | 000,000,540 | ---- | M] () -- C:\WINDOWS\tasks\Rescue Reminder for 2HAPMXQ0.job
[2013.02.02 14:27:01 | 032,875,520 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Recovery.bkf
[2013.01.29 20:20:31 | 000,000,698 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla
Firefox.lnk [2013.01.29 20:19:34 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Arbeitsplatz.lnk [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.25 22:03:46 | 000,594,019 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Desktop\adwcleaner.exe [2013.02.24 23:34:50 | 000,000,211 | ---- | C] () -- C:\Boot.bak [2013.02.24 23:34:45 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.02.24 23:32:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.02.24 23:32:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.02.24 23:32:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.02.24 23:32:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.02.24 23:32:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.02.22 23:13:46 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys [2013.02.17 12:49:04 | 000,001,973 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Rechtstipps - Der ErbschaftsBerater.LNK [2013.02.17 12:47:40 | 000,001,873 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ErbschaftsPlaner.lnk [2013.02.16 19:49:35 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\McAfee Security Scan Plus.lnk [2013.02.16 19:49:35 | 000,001,737 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk [2013.02.02 14:25:58 | 032,875,520 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Recovery.bkf [2013.01.29 20:19:34 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Eigene Dateien\Arbeitsplatz.lnk [2013.01.10 03:26:56 | 000,627,080 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat [2012.08.15 17:24:14 | 
000,002,851 | ---- | C] () -- C:\Programme\cdroms.cfg [2012.08.15 17:24:12 | 000,119,808 | ---- | C] () -- C:\Programme\waiting.avi [2012.08.15 17:24:12 | 000,067,473 | ---- | C] () -- C:\Programme\realplay.chm [2012.08.15 17:24:12 | 000,057,762 | ---- | C] () -- C:\Programme\howto.chm [2012.08.15 17:24:12 | 000,027,278 | ---- | C] () -- C:\Programme\frw.bmp [2012.08.15 17:24:12 | 000,016,296 | ---- | C] () -- C:\Programme\realtfon.fon [2012.08.15 17:24:10 | 000,818,622 | ---- | C] () -- C:\Programme\converter.vs [2012.08.15 17:24:05 | 000,045,443 | ---- | C] () -- C:\Programme\sharemedia.vs [2012.08.15 17:24:04 | 000,001,209 | ---- | C] () -- C:\Programme\flvplay.swf [2012.08.15 17:24:01 | 000,033,157 | ---- | C] () -- C:\Programme\RealNetworks License.html [2012.08.15 17:24:01 | 000,033,157 | ---- | C] () -- C:\Programme\playrlic.html [2012.08.15 17:23:58 | 000,055,043 | ---- | C] () -- C:\Programme\presets.rnx [2012.08.15 17:23:58 | 000,000,480 | ---- | C] () -- C:\Programme\keys.dat [2012.08.15 17:23:57 | 000,995,243 | ---- | C] () -- C:\Programme\normal.vs [2012.08.15 17:23:57 | 000,061,495 | ---- | C] () -- C:\Programme\ssimages.vs [2012.08.15 17:23:51 | 000,001,161 | ---- | C] () -- C:\Programme\autoplaylist.dat [2012.08.15 17:23:51 | 000,000,043 | ---- | C] () -- C:\Programme\strs23.dat [2012.08.15 17:23:51 | 000,000,013 | ---- | C] () -- C:\Programme\strs26.dat [2012.08.15 17:23:50 | 000,427,405 | ---- | C] () -- C:\Programme\calibrate.rv [2012.08.15 17:23:50 | 000,017,846 | ---- | C] () -- C:\Programme\videotest.rm [2012.08.15 17:23:50 | 000,000,221 | ---- | C] () -- C:\Programme\subscription.rnx [2012.08.15 17:23:50 | 000,000,177 | ---- | C] () -- C:\Programme\freeoffers.rnx [2012.02.16 06:59:52 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.11.02 16:24:39 | 000,044,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys [2011.06.16 14:21:10 | 000,001,940 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale 
Einstellungen\Anwendungsdaten\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini [2011.04.08 16:58:50 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2011.03.28 15:01:02 | 000,000,007 | ---- | C] () -- C:\WINDOWS\SHISETUP.SYS [2009.12.29 16:02:43 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ColorSync [2009.12.29 16:02:43 | 000,000,268 | RH-- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Anwendungsdaten\Classical [2009.12.29 16:02:43 | 000,000,020 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PKP_DLdu.DAT [2009.12.29 16:02:43 | 000,000,012 | RH-- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common [2009.08.02 17:01:52 | 000,022,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.01 09:30:33 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat ========== ZeroAccess Check ========== [2008.04.25 16:06:06 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2012.12.27 11:24:13 | 001,510,400 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 13:00:00 | 
000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

extras Code:
OTL Extras logfile created on: 25.02.2013 22:31:41 - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Lutoxxxx\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,60% Memory free
4,84 Gb Paging File | 4,17 Gb Available in Paging File | 86,32% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 298,05 Gb Total Space | 175,79 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
Drive D: | 107,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: NIVALULI | User Name: Lutoxxxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007 "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008 "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 "2066:TCP" = 2066:TCP:*:Enabled:Fritz-USB-Drucker-TCP "2066:UDP" = 2066:UDP:*:Enabled:Fritz-USB-Drucker-UDP "10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst "10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player-Netzwerkfreigabedienst ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows 
Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE" = C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation) "C:\Programme\Dell Video Chat\DellVideoChat.exe" = C:\Programme\Dell Video Chat\DellVideoChat.exe:*:Enabled:Dell Video Chat -- (Dell Inc. and SightSpeed Inc.) "C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation) "C:\Programme\Windows Live\Messenger\msnmsgr.exe" = C:\Programme\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger -- (Microsoft Corporation) "C:\Programme\Windows Live\Sync\WindowsLiveSync.exe" = C:\Programme\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation) "C:\Programme\FRITZ!DSL\IGDCTRL.EXE" = C:\Programme\FRITZ!DSL\IGDCTRL.EXE:*:Enabled:AVM FRITZ!DSL - igdctrl.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\FBOXUPD.EXE" = C:\Programme\FRITZ!DSL\FBOXUPD.EXE:*:Enabled:AVM FRITZ!DSL - fboxupd.exe -- (AVM Berlin) "C:\Programme\FRITZ!DSL\WebwaIgd.exe" = C:\Programme\FRITZ!DSL\WebwaIgd.exe:*:Enabled:AVM FRITZ!DSL - webwaigd.exe -- (AVM Berlin) "C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\Lutoxxxx\Lokale 
Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_f8d772dfbb3f7453_0002.0001_0db5bf169ed5c0c1\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin) "C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe" = C:\Programme\FinalMediaPlayer\FMPCheckForUpdates.exe:*:Enabled:Final Media Player Update Checker -- (Bitberry Software) "C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe" = C:\Programme\FRITZ!Box-Kindersicherung\avmident.exe:*:Enabled:AVM FRITZ!Box Kindersicherung -- (AVM Berlin) "C:\Programme\Bonjour\mDNSResponder.exe" = C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Dienst "Bonjour" -- (Apple Inc.) "C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.) "C:\Programme\tuloxFreeWBE\FreeDict.exe" = C:\Programme\tuloxFreeWBE\FreeDict.exe:*:Disabled:tulox-Wörterbuch -- (GEKKO Software GmbH) "C:\Programme\Skype\Phone\Skype.exe" = C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.) 
"C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe" = C:\Dokumente und Einstellungen\Lutoxxxx\Lokale Einstellungen\Apps\2.0\8KRO677R.DAH\X8EX6LKL.L3T\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe:*:Enabled:FRITZ!Box USB-Fernanschluss -- (AVM Berlin) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ""Durchstarten mit Ponky - Englisch 5+6"" = "Durchstarten mit Ponky - Englisch 5+6" "{02F0B8AE-7501-4333-AFBE-6BAABFEC7637}" = WISO Steuer-Sparbuch 2011 "{0394CDC8-FABD-4ED8-B104-03393876DFDF}" = Roxio Creator Tools "{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack "{07159635-9DFE-4105-BFC0-2817DB540C68}" = Roxio Activation Module "{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord "{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer-Sparbuch 2012 "{0D397393-9B50-4C52-84D5-77E344289F87}" = Roxio Creator Data "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series" = Canon MX700 series "{1207DF3C-D72C-492F-8643-D96D1500641D}" = USB Printer Server Driver "{1D5E29AD-39A9-4D0A-A8B6-46A6FCD8C995}" = Live! 
Cam Avatar "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{237CD223-1B9D-47E8-A76C-E478B83CCEA2}" = File Uploader "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL "{26A24AE4-039D-4CA4-87B4-2F83217015FF}" = Java 7 Update 15 "{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center "{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour "{2F4C24E6-CBD4-4AAC-B56F-C9FD44DE5668}" = Roxio Drag-to-Disc "{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2 "{46B70DEB-97B3-4E38-B746-EC16905E6A8F}" = WISO Sparbuch 2010 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update "{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC "{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager "{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3 "{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{58F8C6D9-5B55-486A-A322-4E8D87670031}" = Canon MP-Treiber "{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5BF5F9C5-E95B-4AFA-94BE-F2A9CA73B61D}" = Apple Mobile Device Support "{619CDD8A-14B6-43A1-AB6C-0F4EE48CE048}" = Roxio Creator Copy "{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! 
Cam Avatar Creator "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX "{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{78D7D7CD-A06B-4514-ACBD-8055BF945A8E}" = InfoBibliothek 2 "{7EF492E6-3A37-440A-8A67-006579EAC609}" = ErbschaftsPlaner "{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer "{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call "{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger "{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent "{83FFCFC7-88C6-41C6-8752-958A45325C82}" = Roxio Creator Audio "{842EFEDE-6700-4CC8-802A-444C7F927021}" = Dell Sicherungs- und Wiederherstellungs-Manager "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task "{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync "{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack "{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC 
"{8FF6231F-D670-4AFD-9512-957515E2E1DF}" = Timex Data Link USB "{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_BASICR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_BASICR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_BASICR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_BASICR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_BASICR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 
"{90120000-006E-0407-0000-0000000FF1CE}_BASICR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0013-0000-0000-0000000FF1CE}" = Microsoft Office Basic 2007 "{91120000-0013-0000-0000-0000000FF1CE}_BASICR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS "{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A350D1A7-ED43-43B2-8D53-D90B924F0BAB}" = Tipps und Tricks "{A47AFECA-7F0F-471A-82A3-68DEB673A311}" = AVM FRITZ!Box-Kindersicherung "{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack "{A8D93648-9F7F-407D-915C-62044644C3DA}" = MSI to redistribute MS VS2005 CRT libraries "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAD47011-8518-4608-9656-951DA35B587B}" = iTunes "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software "{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}" = AAVUpdateManager 
"{B3F1E526-180B-4480-9FEC-3E2DCB8EA9CE}" = F-Secure PSC Prerequisites "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update "{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D01F701A-1F23-494C-BE82-8A7441CADEEA}" = Lexware online banking V 3.00 "{D269BB19-DB39-43CE-B61E-521FE3965892}" = Quicken DELUXE 2005 "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center "{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013 "{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials "{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software) "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E9757890-7EC5-46C8-99AB-B00F07B6525C}" = Nikon Transfer "{E97777AA-132B-4989-99B5-F987F67FBEE4}" = Mediaraptor "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = 
Sprachtrainer Fonts "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Advanced Audio FX Engine" = Advanced Audio FX Engine "Advanced Video FX Engine" = Advanced Video FX Engine "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "AVMFBox" = AVM FRITZ!Box Dokumentation "AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss "BASICR" = Microsoft Office Basic 2007 "Canon MX700 series Benutzerregistrierung" = Canon MX700 series Benutzerregistrierung "CanonMyPrinter" = Canon My Printer "Creative OEM013" = Laptop Integrated Webcam Driver (1.01.01.0529) "Dell Video Chat" = Dell Video Chat "Dell Webcam Center" = Dell Webcam Center "Dell Webcam Manager" = Dell Webcam Manager "EssentialPIM" = EssentialPIM "FinalMediaPlayer_is1" = Final Media Player 2010 "F-Secure Product 444" = M-net Sicherheitspaket "InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1 "InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX "InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX "InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX "InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX "InstallShield_{4D36E953-4456-4F8F-BC44-90BC4AA59889}" = Maxtor Manager "InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX "InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX "InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library "InstallShield_{A350D1A7-ED43-43B2-8D53-D90B924F0BAB}" = Tipps und Tricks "InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon 
Camera Window for ZoomBrowser EX "InstallShield_{D269BB19-DB39-43CE-B61E-521FE3965892}" = Quicken DELUXE 2005 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Klett Mathetrainer 8_is1" = Klett Mathetrainer 8 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 18.0 (x86 de)" = Mozilla Firefox 18.0 (x86 de) "Mozilla Thunderbird 17.0.3 (x86 de)" = Mozilla Thunderbird 17.0.3 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "MSNINST" = MSN "NVIDIA Drivers" = NVIDIA Drivers "phase-6" = phase-6 2.1.2.2a "ProfitMaker 8" = ProfitMaker 8 "ProInst" = Intel PROSet Wireless "ProtectDisc Driver" = ProtectDisc Helper Driver "ProtectDisc Driver 10" = ProtectDisc Helper Driver 10 "RealPlayer 15.0" = RealPlayer "TECUNIONLINE" = TECUNIONLINE "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WinLiveSuite_Wave3" = Windows Live Essentials "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_USERS Uninstall List ========== 
[HKEY_USERS\S-1-5-21-229967651-452918711-2505415267-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C58EBE-223E-4AB6-8AE9-38F27F4420BD}" = WISO Sparbuch 2009 "f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss - 1 "f6791b188d8f3ff8" = AVM FRITZ!Box USB-Fernanschluss "Juniper_Setup_Client" = Juniper Networks Setup Client "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 24.02.2013 10:59:46 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 2000 Error - 25.02.2013 00:11:40 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.02.2013 00:11:40 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1984 Error - 25.02.2013 00:11:40 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1984 Error - 25.02.2013 00:11:43 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.02.2013 00:11:43 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 4406 Error - 25.02.2013 00:11:43 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 4406 Error - 25.02.2013 01:50:09 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 25.02.2013 01:50:09 | Computer Name = NIVALULI | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5910687 Error - 25.02.2013 01:50:09 | Computer Name = NIVALULI | Source = 
Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5910687 [ System Events ] Error - 24.02.2013 18:33:21 | Computer Name = NIVALULI | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 24.02.2013 18:36:10 | Computer Name = NIVALULI | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 24.02.2013 18:37:45 | Computer Name = NIVALULI | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. Error - 24.02.2013 18:49:52 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 24.02.2013 18:49:52 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. 
Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 24.02.2013 18:49:52 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 25.02.2013 13:14:07 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {BA126AD1-2166-11D1-B1D0-00805FC1270E} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 25.02.2013 17:25:58 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. Error - 25.02.2013 17:25:58 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. 
Error - 25.02.2013 17:25:58 | Computer Name = NIVALULI | Source = DCOM | ID = 10016 Description = Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden. < End of report > nlut |
26.02.2013, 10:50 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes; before you do, please remember to update Malwarebytes via the update button. Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
28.02.2013, 22:59 | #13 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello cosinus, Malwarebytes reported no errors. ESET log file: Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=21514998ea0e0d49a003b73858f98a58
# engine=13267
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-28 09:44:21
# local_time=2013-02-28 10:44:21 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=109649
# found=0
# cleaned=0
# scan_time=4916
nlut |
01.03.2013, 14:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Please always post the logs, regardless of whether anything was found or not!
__________________ Please always post log files in CODE tags |
02.03.2013, 12:44 | #15 |
| Win XP - Trojan.FakeAlert - Malware.Trace - Hijacker Hello Cosinus, here is the Malwarebytes log Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2013.03.02.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Lutoxxxx :: NIVALULI [Administrator]
02.03.2013 12:34:38
mbam-log-2013-03-02 (12-34-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 267136
Laufzeit: 5 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
nlut |